Audit Code

Security checks across malware telemetry and agentic risk

Overview

The code-audit skill is coherent, but its optional sync script can overwrite or delete local agent skill directories and does not safely constrain destination names.

Review the sync script before running it. The prompt-only skill is a normal code-audit aid, but do not run scripts/sync-to-agents.sh unless you intentionally want it to change local agent skill folders. Avoid custom --skill-name values containing slashes or .., prefer the default name, and back up existing ~/.codex/skills, ~/.claude/skills, or ~/.cursor/skills entries before syncing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The destination path is built from a user-controlled --skill-name and then deleted with rm -rf or overwritten via rsync --delete under an agent root. Because the script does not validate SKILL_NAME for path separators, traversal, or reserved values, a caller can target arbitrary paths beneath or relative to the agent skill directory (for example via nested paths or .. segments), causing unintended deletion or replacement of directories.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill description uses broad triggers such as 'audit code,' 'deep review,' and 'stress-test a codebase,' which can cause the agent to invoke this skill in many ambiguous contexts without clear boundaries. Over-broad activation increases the chance that sensitive repositories, unrelated tasks, or higher-risk analyses are pulled into an aggressive audit workflow unintentionally, which can create data-exposure, overreach, or unsafe-autonomy risks depending on the hosting agent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
In symlink mode, the script unconditionally removes any existing destination with rm -rf before creating the new link. Without confirmation, dry-run support, or destination safety checks, operator error or a crafted --skill-name can destroy existing skill content or other directories reachable under the computed path.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
In copy mode, rsync -a --delete will remove files in the destination that are not present in the source. This is inherently destructive, and because the destination is partly user-controlled and there is no explicit warning or preview, a mistake can wipe unrelated files under the target path.

VirusTotal

51/51 vendors flagged this skill as clean.
