Pilot Dev Team Assistants Setup

Security checks across malware telemetry and agentic risk

Overview

This setup skill is internally consistent for building a four-agent PR workflow, but users should verify peer identities and downstream permissions before trusting agents.

Install only if you intend to run a multi-agent PR automation setup. Before exchanging handshakes, verify each agent hostname, prefix, and owner, and review the downstream Pilot skills for GitHub or Slack tokens, PR-comment permissions, file sharing, and network exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence

Finding
The README explicitly states that trust is auto-approved once both sides exchange handshakes, but it does not warn users that this creates an authenticated communication path that can be abused if the wrong hostname, compromised host, or spoofed deployment prefix is used. In a multi-agent system that forwards PR data, test results, documentation, and posts summaries back to GitHub or Slack, implicit trust establishment increases the risk of unauthorized task injection, data exfiltration, or false review/test outputs being treated as legitimate.

Missing User Warnings

Low, 82% confidence

Finding
The skill explicitly instructs the agent to modify a persistent local configuration file under the user's home directory without any warning, confirmation gate, or description of rollback behavior. While this appears to be normal setup behavior for the skill, silent persistence can surprise users, alter future agent behavior, and create unwanted state on the host.

VirusTotal

65/65 vendors flagged this skill as clean.