ClawHub

Sub-agent Orchestrator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a coherent sub-agent orchestration protocol, but it lets delegated agents send results to external messaging channels without enough consent and privacy controls.

Review before installing. This is not malicious code, but only use it if you are comfortable with sub-agents writing task logs to disk and potentially sending completed results to external messaging channels. Disable or modify the external delivery path unless recipients, consent, and content limits are explicitly controlled.

SkillSpector (4)

By NVIDIA

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The protocol explicitly allows sub-sessions to send results directly over external channels such as WeChat or Telegram. That expands an orchestration skill into outbound communication without documenting approval, recipient validation, content limits, or audit controls, creating a real risk of unintended data disclosure or misuse of messaging capability.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly allows a sub-session to directly send results to external channels such as WeChat or Telegram, but it does not require a clear user-facing consent step at the time of delivery. In an orchestration skill, this is more dangerous because delegated sub-agents may act semi-autonomously, increasing the risk of unintended disclosure, spam, or sending sensitive/generated content to the wrong recipient.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill directs sub-sessions to create and update files in a workspace, including task tracking and per-step logs, without an explicit warning that the skill modifies local files. While file creation is core to crash recovery and orchestration here, undisclosed writes can still surprise users, overwrite expected state, or persist sensitive intermediate reasoning/artifacts on disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The protocol permits direct notification through external messaging channels but provides no user-facing privacy warning, transmission notice, or guidance on what data may be sent. In a sub-agent context handling heavy analysis or writing tasks, results may contain sensitive user content, making silent external transmission materially risky.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal