Unified Reasoning

Security checks across malware telemetry and agentic risk

Overview

Nothing in the visible files is malicious, but the skill is scoped far too loosely for a "critical" reasoning component of this breadth, and its wrapper loads unreviewed local code that the package does not even include.

Install only if you can obtain and review the missing implementation, in particular unified_reasoning.py and any referenced reasoning-engine.ps1. The visible files show no exfiltration or destructive behavior, but the skill is broad enough to be pulled into planning and decision tasks while its actual runtime behavior cannot be reviewed from the package alone.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (81% confidence)

Finding: A 'single entry point for all reasoning' creates an activation surface so broad that the skill can be selected for many unrelated prompts, including sensitive planning or decision tasks. Combined with the skill's AGI-controller framing and critical priority, overbroad activation raises the chance of unintended invocation, privilege creep, and misuse of any unsafe underlying behavior.

Vague Triggers

Medium (86% confidence)

Finding: The documented classification triggers rely on generic keyword matching such as 'best,' 'alternative,' 'option,' 'combine,' or 'verify,' words that appear routinely in ordinary user queries. Routing is therefore easy to trigger accidentally or to manipulate deliberately, letting untrusted input steer strategy selection and potentially invoke expensive or unsafe execution paths without meaningful validation.

Missing User Warnings

Medium (97% confidence)

Finding: The wrapper dynamically loads and executes a sibling Python file at runtime via importlib and exec_module, which runs arbitrary top-level code from that file with no integrity check, sandboxing, allowlist, or user disclosure. In an agent skill context this expands the trust boundary significantly: if unified_reasoning.py is replaced, tampered with, or sourced from an untrusted package, arbitrary code execution occurs as soon as the wrapper initializes.
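To make the third finding concrete, the following added example (written for this page, not code from the skill or from SkillSpector) contrasts the importlib/exec_module pattern the finding describes with a loader that pins a SHA-256 digest of the sibling file. The file name unified_reasoning.py is taken from the finding; the module contents, the digest table, and the SKILL_TAMPER_RAN environment marker are constructed here purely for the demonstration.

```python
import hashlib
import hmac
import importlib.util
import os
import sys
import tempfile
import types
from pathlib import Path

# Constructed sibling-module contents for this demonstration (not from the
# original package). The file name comes from the finding; the bodies do not.
BENIGN_SOURCE = "MARKER = 'benign'\n\ndef reason(x):\n    return x * 2\n"
TAMPERED_SOURCE = (
    "import os\n"
    "os.environ['SKILL_TAMPER_RAN'] = '1'   # top-level side effect\n"
    "MARKER = 'tampered'\n\n"
    "def reason(x):\n    return -x\n"
)


def load_sibling_unverified(path, module_name):
    """The pattern the finding describes: resolve a sibling file and exec it.
    Every top-level statement in the file runs here, whatever the file holds."""
    spec = importlib.util.spec_from_file_location(module_name, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


class IntegrityError(RuntimeError):
    """Raised when a sibling file does not match its pinned digest."""


def load_sibling_verified(path, module_name, expected_sha256):
    """Hardened variant: read the bytes once, compare their SHA-256 with the
    pinned digest, and compile exactly those bytes. Hashing and executing the
    same buffer avoids a check-then-load race on the file."""
    data = Path(path).read_bytes()
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise IntegrityError(
            f"{Path(path).name}: sha256 {actual} does not match pinned digest"
        )
    module = types.ModuleType(module_name)
    module.__file__ = str(path)
    exec(compile(data, str(path), "exec"), module.__dict__)
    sys.modules[module_name] = module
    return module


def demo():
    """Pin the benign file, then swap in a tampered one and compare both loaders."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "unified_reasoning.py"
        target.write_bytes(BENIGN_SOURCE.encode())
        pinned = hashlib.sha256(BENIGN_SOURCE.encode()).hexdigest()

        good = load_sibling_verified(target, "ur_verified_good", pinned)
        results["verified_benign_reason_21"] = good.reason(21)

        # Simulate the sibling file being replaced after the digest was pinned.
        target.write_bytes(TAMPERED_SOURCE.encode())
        os.environ.pop("SKILL_TAMPER_RAN", None)

        bad = load_sibling_unverified(target, "ur_unverified_bad")
        results["unverified_ran_tampered_code"] = os.environ.get("SKILL_TAMPER_RAN") == "1"
        results["unverified_reason_21"] = bad.reason(21)

        os.environ.pop("SKILL_TAMPER_RAN", None)
        try:
            load_sibling_verified(target, "ur_verified_bad", pinned)
            results["verified_rejected_tampered"] = False
        except IntegrityError:
            results["verified_rejected_tampered"] = True
        results["verified_ran_tampered_code"] = os.environ.get("SKILL_TAMPER_RAN") == "1"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unverified loader executes the tampered file's top-level side effect before any function is ever called, which is exactly the initialization-time execution the finding warns about. The pinned-digest loader refuses it. Note the caveat for this particular skill: a digest can only be pinned against an artifact that has been reviewed, and the package does not ship unified_reasoning.py at all, so there is nothing to pin until the implementation is published and read.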

VirusTotal

62/62 vendors reported this skill as clean.