WorkRally

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate WorkRally helper, but it gives an agent broad authenticated control over remote creative projects, shared canvases, uploads, and deletion workflows.

Install only if you want an agent to operate your WorkRally account and remote project resources. Prefer environment-based credentials when possible, confirm any upload, generation, delete, overwrite, or raw `tools call` action, and provide exact project/canvas IDs before allowing the agent to modify shared workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding:
The guide tells agents to run `workrally generate image --project-id <画布ID>`, conflating project IDs and canvas IDs despite earlier warning that they are distinct. In an agent setting this can cause commands to target the wrong scope, fail unpredictably, or generate/write content into an unintended workspace, which is a real integrity and safety issue.

Vague Triggers

Medium
Confidence: 84%
Finding:
The skill’s invocation scope is very broad and overlaps with common user intents like file upload/download, project management, and AI generation without strong narrowing conditions. In an agent setting, this can cause over-selection of the skill and unnecessary exposure of credentials, remote API calls, or data movement when a more limited or local tool would have sufficed.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill documents authentication methods that persist API keys to disk and supports upload/download flows, but it does not prominently require user confirmation or warn that local files may be transferred to remote infrastructure and credentials stored in a config file. In an agent context, this increases the risk of unintended exfiltration of local data, use of sensitive tokens, and credential persistence beyond the current session.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The document states that CLI writes sync in real time to all online users, yet the subsequent workflow examples present direct write operations as routine, without requiring confirmation or advising agents to obtain user approval first. In a collaborative environment, this increases the chance of unintended live modifications, information exposure, or disruption caused by autonomous agent actions.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The deletion workflow documents `--delete-node-ids` usage, including combined delete-and-write operations, without requiring confirmation or a dry-run/review step. In a shared real-time canvas this can cause immediate loss of collaborative content and accidental destructive actions by an agent acting on ambiguous user instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
