long-running-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can persist and resume agent work, write or overwrite project files, and optionally continue work through heartbeat-style automation.

Install only if you want persistent cross-session agent project memory. Use it in a dedicated workspace, avoid storing secrets in PROJECT.md or CHANGELOG.md, review those files before resuming work, avoid arbitrary --path values, back up existing task folders before initializing, and enable HEARTBEAT/background continuation only when you explicitly want work to resume without a new prompt.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding: The trigger phrases are very broad and overlap with ordinary conversation, such as '继续工作' ("continue working") or '查看进度' ("check progress"), which can cause unintended activation. In an agent skill that creates directories, reads prior state, and writes project files, accidental invocation can lead to unauthorized workspace changes or unintended continuation of prior tasks.

Vague Triggers

Medium
Confidence: 90%
Finding: The command reference defines ambiguous trigger conditions without clear boundaries, increasing the chance the skill will activate on incidental user language. Because this skill persists memory and modifies files across sessions, misfires are more dangerous than in a read-only skill.

Missing User Warnings

Medium
Confidence: 94%
Finding: The skill advertises automatic generation and updating of PROJECT.md and CHANGELOG.md without warning the user that it will write to the filesystem. Silent state changes are risky in agent environments because users may not realize a casual request will persist data or alter workspace contents.

Missing User Warnings

Medium
Confidence: 95%
Finding: The quick-start workflow performs directory creation and file generation immediately as procedural steps, with no user-facing consent gate. In a long-running orchestration skill, this can unexpectedly persist data, overwrite user expectations about workspace state, and chain into further autonomous actions.

VirusTotal

63/63 vendors flagged this skill as clean.