Preqstation

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent coding-delegation helper, but it asks agents to bypass normal sandbox protections and has broad triggers, so users should review it carefully before installing.

Install only if you intentionally want a powerful delegation skill that can run local coding agents with normal sandbox and approval checks disabled. Use it only on trusted repositories, avoid broad or ambiguous `preq` requests, keep MEMORY.md private, and review any project path or remote PR operation before allowing execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The README instructs the agent to invoke the skill from broad natural-language cues such as any request about PREQSTATION task execution, mapped projects, or messages containing `preq`/`preqstation`. In a skill that launches external coding CLIs with filesystem access and optional background execution, ambiguous triggering increases the chance of unintended activation, causing the agent to run higher-risk operations when the user may have intended simple discussion or inspection.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase `preq` is so short and generic that it can match ordinary user text and unintentionally activate a high-privilege execution skill. In this skill's context, accidental invocation is more dangerous because activation can lead to launching external coding agents with sandbox/approval bypass flags.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs the agent to read and update `MEMORY.md` project mappings, but it does not require explicit user consent before modifying a local repository file. This creates an integrity risk because a seemingly operational request can silently persist changes to configuration/state on disk.

Missing User Warnings

High
Confidence: 98%
Finding
The skill normalizes the use of `--dangerously-skip-permissions`, `--dangerously-bypass-approvals-and-sandbox`, and equivalent sandbox-disabling behavior without a strong user-facing warning or explicit opt-in. In a delegation skill that launches external CLIs against local worktrees, this materially reduces safety boundaries and can allow unintended file changes, command execution, or data access with fewer checks.

VirusTotal

64/64 vendors flagged this skill as clean.
