Project-Based Multi-Agent Development Protocol (项目制多智能体开发协议)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed project-workflow helper that persists local project-tracking state to files in the workspace; the scan found no evidence of exfiltration, deception, or destructive behavior.

Install only if you want a project-mode workflow that updates local project tracking files. Review dev_Project.md and system_protocol_project_mode.md before use, avoid putting secrets in those files, and do not run the optional memory_viewer.py command unless you trust that local script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill clearly instructs reading and writing project files (`system_protocol_project_mode.md`, `dev_project.md`) while declaring no permissions, creating a mismatch between documented behavior and declared authority. This undermines user and platform trust boundaries because the skill can modify workspace state in the background without explicit capability disclosure.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
Using the broad trigger phrase '项目制' ("project-based") makes accidental invocation plausible during ordinary conversation, especially because activation is described as mandatory once the phrase appears. In this skill, accidental invocation is more dangerous than usual because activation leads to multi-step orchestration and background file updates.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The description says the tool will automatically decompose tasks and process retries, but it does not clearly warn that it will update `dev_project.md` in the background. Hidden state mutation is security-relevant because users may invoke the skill without realizing it will persist changes to workspace files, potentially overwriting planning data or creating misleading project state.
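The three findings above are all static checks on the skill's own text: does the body name files it reads or writes without declaring the capability, is the trigger a plain phrase that could appear in normal conversation, and does the user-facing description disclose the file writes. The following is an added example of how such checks can be implemented; it is not SkillSpector's code. The manifest layout (`description`, `triggers`, `permissions`, `body`), the capability names `fs:read`/`fs:write`, and the two sample skills are constructed assumptions, and the verb lists are heuristics that will miss paraphrases, so hits are leads for manual review rather than proof.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Heuristic patterns over skill text. FILE_REF picks up workspace files the
# skill names; the verb lists are deliberately small and will miss paraphrases.
FILE_REF = re.compile(r"\b[\w./-]+\.(?:md|json|ya?ml|txt|csv)\b")
WRITE_VERBS = re.compile(r"\b(write|update|save|append|overwrite|persist|modify|record)\b", re.I)
READ_VERBS = re.compile(r"\b(read|load|open|consult|parse)\b", re.I)
MANDATORY = re.compile(r"\b(must|always|whenever|as soon as|immediately)\b", re.I)
WARN_WORDS = re.compile(r"\b(will (update|modify|write|change)|warning|be aware|note that)\b", re.I)


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    detail: str


def referenced_files(text: str) -> list[str]:
    """Sorted, de-duplicated list of file names mentioned in the text."""
    return sorted(set(FILE_REF.findall(text)))


def check_underdeclared(skill: dict) -> list[Finding]:
    """Body reads or writes named files, but the manifest declares no matching capability.
    Capability names fs:read / fs:write are an assumption of this example."""
    body, declared = skill["body"], set(skill.get("permissions", []))
    files = referenced_files(body)
    if not files:
        return []
    needed = []
    if READ_VERBS.search(body) and "fs:read" not in declared:
        needed.append("fs:read")
    if WRITE_VERBS.search(body) and "fs:write" not in declared:
        needed.append("fs:write")
    if not needed:
        return []
    return [Finding("MCP Least Privilege", "Medium",
                    f"body touches {files} but does not declare {needed}")]


def check_triggers(skill: dict) -> list[Finding]:
    """A short plain-language trigger (no '/' or '@' prefix) can fire in ordinary
    conversation; it is rated higher when activation is described as mandatory."""
    out = []
    mandatory = MANDATORY.search(skill["body"]) is not None
    for trig in skill.get("triggers", []):
        explicit = trig.startswith(("/", "@"))
        short = len(trig.split()) <= 2 and len(trig) <= 12
        if short and not explicit:
            out.append(Finding("Vague Triggers", "Medium" if mandatory else "Low",
                               f"trigger {trig!r} is a plain phrase; activation "
                               f"{'is' if mandatory else 'is not'} described as mandatory"))
    return out


def check_warnings(skill: dict) -> list[Finding]:
    """Body writes files that the user-facing description never mentions or warns about.
    Coarse: every file named in a body that contains a write verb counts as written."""
    body, desc = skill["body"], skill.get("description", "")
    written = referenced_files(body) if WRITE_VERBS.search(body) else []
    undisclosed = [f for f in written if f not in desc]
    if undisclosed and not WARN_WORDS.search(desc):
        return [Finding("Missing User Warnings", "Medium",
                        f"description never says the skill writes {undisclosed}")]
    return []


def scan(skill: dict) -> list[Finding]:
    return check_underdeclared(skill) + check_triggers(skill) + check_warnings(skill)


# Constructed sample modelled on the findings above (not the real skill text).
SKILL = {
    "name": "项目制多智能体开发协议",
    "description": "Automatically decomposes tasks into steps and retries failed steps.",
    "triggers": ["项目制"],
    "permissions": [],
    "body": ("Whenever the user says 项目制 you must enter project mode. "
             "Read system_protocol_project_mode.md and dev_project.md, then update "
             "dev_project.md with progress after every step."),
}

# Constructed hardened variant: explicit slash trigger, declared capabilities,
# and a description that discloses the background write.
HARDENED_SKILL = {
    **SKILL,
    "description": "Enters project mode; will update dev_project.md in your workspace after each step.",
    "triggers": ["/project-mode"],
    "permissions": ["fs:read", "fs:write"],
}

if __name__ == "__main__":
    for name, s in (("original", SKILL), ("hardened", HARDENED_SKILL)):
        print(name, [f"{f.category} ({f.severity}): {f.detail}" for f in scan(s)])
```

Running the block reports all three categories for the original sample and nothing for the hardened variant; the difference is entirely in the manifest, which is the point of the least-privilege finding: the behaviour did not change, only whether it is declared.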

VirusTotal

61/61 vendors flagged this skill as clean.
