TeamClaw Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent, but it can route broad coding requests into a local multi-agent controller without clear user confirmation or data-use warnings.

Install only if you intentionally want coding requests to be delegated to TeamClaw. Before using it, confirm the local controller and workers are trusted, ask for confirmation before intake submissions, and avoid sending secrets or sensitive project data unless you understand how TeamClaw stores logs and restricts workspace file access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The trigger phrases are broad enough to match many ordinary software-related requests, which can cause the skill to activate when the user did not explicitly intend to delegate work to TeamClaw. Because activation leads to sending user requirements to a local HTTP controller, accidental invocation can result in unintended task submission and disclosure of user content.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The markdown says that generic build/create intents are sufficient to invoke the skill, which makes activation ambiguous and likely to over-trigger on normal developer assistance requests. In this skill's context, over-activation is security-relevant because the workflow then forwards user-supplied content to another service and may initiate autonomous team actions the user did not mean to start.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to submit user requirements to a controller over HTTP but does not warn the user that their content will be transmitted outside the current chat context. This omission undermines informed consent and can expose sensitive prompts, code, credentials, or project details to a local service the user may not realize is being used.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The API reference documents a workspace file-read endpoint that can expose arbitrary local file contents, but it provides no warning about sensitive data access, path restrictions, or authorization expectations. In a skill that orchestrates multiple workers and exposes a local controller on 127.0.0.1, this capability increases the risk that a user, subagent, or connected component could read secrets, source files, credentials, or other local data if the endpoint is reachable without strong controls.

VirusTotal

65/65 vendors flagged this skill as clean.