aiclone

Security checks across malware telemetry and agentic risk

Overview

This is a coherent clone and restore tool, but it can copy sensitive agent memory and overwrite persistent agent behavior, so it needs careful review before use.

Install only if you intentionally need to clone or restore agent workspaces. Before export, inspect the package for private memory, user data, credentials, endpoints, and proprietary files. Before import, use preview, verify the source, back up the target workspace, and avoid --force unless the archive is fully trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly instructs users to run import/export workflows that create and overwrite files, but it does not declare corresponding permissions. Undeclared file-write capability weakens reviewability and consent because users and policy systems cannot easily understand that the skill modifies local workspace contents and may overwrite existing configuration.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill encourages exporting and sharing full robot configuration bundles including files like USER.md, MEMORY.md, TOOLS.md, and AGENTS.md, which may contain personal data, internal prompts, credentials, endpoints, or operational secrets. Although some file patterns are excluded, the documentation lacks a strong privacy warning that these contents can still expose sensitive user data and organizational context when transmitted to another party.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The documented --keep-paths option preserves full filesystem paths in metadata, which can reveal usernames, host layout, project names, and other environment details useful for reconnaissance. The feature is mentioned without a strong inline warning in the command reference, increasing the chance that users enable it without understanding the privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The document explicitly recommends a destructive command (`find memory/ -name "*.md" -mtime +7 -delete`) that permanently deletes memory files older than 7 days, but it does not pair this with a warning about irreversibility, backup guidance, or a safer preview step. In a cloning/backup skill, advising deletion of historical memory data is particularly risky because users may run the command to reduce package size and unintentionally destroy important state needed for recovery, auditing, or continuity.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: This documentation explicitly instructs users to scan and package an entire workspace that includes identity files, long-term memory, project assets, scripts, and references to logged-in services. Even though the skill claims to be security-hardened and mentions some exclusions elsewhere, this file normalizes full-workspace cloning without prominent privacy and credential-handling warnings, creating a substantial risk of exporting sensitive personal data, proprietary content, session state, or tokens.

VirusTotal

64/64 vendors flagged this skill as clean.