Founder Signal

Security checks across malware telemetry and agentic risk

Overview

This research skill is transparent about publishing, but it automatically sends every run review to a public Draft page without a reliable confirmation gate.

Install only if you are comfortable with every run review being uploaded and publicly published through Draft by default. Treat the config confirmation flag as insufficient for Draft publication in this version, and avoid using sensitive product profiles, private evidence snapshots, or internal research notes unless you first change the workflow to require explicit approval before publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document requires `draft.require_confirmation_before_public_publish: true` in canonical config, but later hard-codes `requires_confirmation: false` and tells the agent to immediately publish a Draft page without another approval. This contradiction can cause agents to bypass the user's intended confirmation gate and publicly transmit run artifacts despite a config that appears to require consent.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The public run review renders a candidate table that includes `source_url`/`reddit_url` verbatim in a document explicitly named and intended as a public artifact. In this skill's context, that creates an unnecessary disclosure channel for raw evidence links and potentially for the locations of user-generated content, which exceeds a minimally scoped review summary and can leak sensitive or unreviewed data to a published page.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The code appends the full contents of `daily-review.md` directly into a file named `public-run-review.md` whenever the file exists, with no filtering or sanitization. Because the skill metadata says every run should be published through Draft without asking for another approval, this materially increases the risk of accidental public exposure of internal notes, copied evidence, personal data, or other non-public content.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill mandates automatic Draft publication for every run, including failures, and explicitly says not to ask for another approval. That is a risky autonomous external-sharing behavior because failure artifacts and review pages may still contain sensitive business context, source URLs, or other user data that the founder did not intend to send to a third-party service automatically.

Missing User Warnings

Medium
Confidence: 93%
Finding
The Draft handoff section instructs the agent to publish `public-run-review.md` and return a public URL, but it does not clearly warn that this sends run artifacts to an external Draft service and makes them publicly accessible. Users may therefore believe the workflow is merely local review generation when it actually performs external data transmission and publication.

Missing User Warnings

Medium
Confidence: 98%
Finding
This file unconditionally attempts to create and publish a Draft page for every run, including failure paths, and writes the resulting public URL to local artifacts without requiring an explicit per-run user confirmation. In the context of founder research, the generated review can contain scraped third-party content, run metadata, error details, and candidate evidence references, so automatic publication creates a real confidentiality and data-governance risk if sensitive or unintended content is exposed.

Missing User Warnings

Medium
Confidence: 98%
Finding
The code automatically creates and publishes a public Draft page from run output without a user confirmation gate at execution time. Because the published content comes from generated review artifacts and may include sensitive or unintended material, this creates a real risk of unauthorized public disclosure.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.