Cline Programming

Security checks across malware telemetry and agentic risk

Overview

This skill appears to automate coding actions with auto-approval enabled, which is risky enough that users should review it carefully before installing.

Install only if you are comfortable with the agent running coding actions without manual confirmation. Prefer using it in a disposable or version-controlled workspace, remove or avoid auto-approval flags for execution, and review generated plans before allowing changes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill presents a safety-oriented plan->check->act workflow, but repeatedly normalizes `--yolo` auto-approval as the default for both planning and execution. In a tool that can generate and run code, auto-approving all actions materially weakens human review and can lead to unintended command execution, file modification, or other unsafe side effects from prompt injection or bad model output.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script claims to support a plan-check-act workflow, but it actually invokes both planning and execution directly with `--yolo`, which bypasses an explicit human review/check step. In an agent skill for AI-driven programming, this increases the chance of unsafe or unintended code changes being proposed and then executed automatically, undermining the stated safety model.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script runs `cline task ... --act --yolo`, which may let the tool make changes automatically, but it provides no warning, isolation, or confirmation prompt before doing so. In the context of a programming skill that can modify files or project state, this creates a real operational safety risk because users may treat the test as harmless while it performs unattended actions.

VirusTotal

64/64 vendors flagged this skill as clean.
