Draft Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly scoped staff moderation helper that documents high-impact admin actions and requires user-directed confirmation before writes.

Install only if you are ClawHub staff or otherwise authorized to run the ClawHub admin CLI. Treat its commands as production-impacting: confirm the exact target, reason, and email content before approving any write or send action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 72%
Finding
The instructions tell the agent to fetch a provided public URL and then follow metadata-provided endpoints such as comments_api_url and task_toggles_api_url. If those URLs are not constrained to trusted Draft domains or validated against an allowlist, an attacker could supply a crafted page or manipulated metadata that causes the agent to make arbitrary outbound requests, creating an SSRF-style primitive or unintended data access path.

VirusTotal

64/64 vendors flagged this skill as clean.
