Security audit

Team Work

Security checks across malware telemetry and agentic risk

Overview

The skill is a real team-collaboration helper, but it also tells agents to use Git credentials and push shared workspace changes without enough safety boundaries.

Install only if you trust the team server and actually want agents coordinating through it. Use a dedicated workspace and config path, avoid sending secrets in team messages, do not put Git tokens in clone URLs, and require human review of repository, branch, and diff before any Git push.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill introduces Git cloning, pushing, credential handling, and remote repository coordination even though its stated purpose is team messaging/collaboration. That scope expansion increases the chance an agent will perform network and source-control actions with sensitive credentials or modify remote repositories based on untrusted task context, creating an unnecessary attack surface.

Missing User Warnings

Medium
Confidence: 98%
Finding
Embedding `GIT_USER` and `GIT_ACCESS_TOKEN` directly in clone URLs is unsafe because credentials can be exposed through shell history, process listings, logs, debugging output, and accidental message/reporting. In an agent setting that emphasizes team communication and scripted execution, this creates a realistic path for token leakage and subsequent repository compromise.

Missing User Warnings

Medium
Confidence: 90%
Finding
The instruction to always clear `task_plan.md` before starting a new task creates an unconditional file-destructive workflow. In a collaboration skill, this can erase prior plans, audit history, or unfinished work without warning, making recovery and accountability harder and potentially causing data loss.

VirusTotal

63/63 vendors flagged this skill as clean.