deterministic-controller

Security checks across malware telemetry and agentic risk

Overview

This is a transparent docs-only controller template with opt-in automation and Telegram logging, not an automatic installer or hidden data sender.

Install only if you want an agentic project controller. Before arming it, review HEARTBEAT.md and ACTIVITIES.md, keep the cron and heartbeat disabled until ready, remove secrets from the listed memory/profile files, and enable Telegram or cross-context sending only for a trusted destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The snippet enables cross-context and cross-provider message delivery without any accompanying warning, consent guidance, or scope restrictions. In an agent/control-plane setting, this increases the risk of unintended data exfiltration, misdelivery of sensitive content, or messages being sent into the wrong channel/provider boundary if users apply the example as-is.

Missing User Warnings

Medium
Confidence: 90%
Finding
The prompt instructs an agent to make multiple persistent workspace changes and to create a cron job that polls every 3 minutes, but it does not require explicit user confirmation, safety checks, or a clear warning that files and scheduling state will be modified. Even though the cron is initially disabled, this kind of setup prompt can still cause unintended configuration changes, privacy issues, or operational drift if copied into a privileged agent session without review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The file mandates that all control-plane logs be sent to an external Telegram destination, creating an outbound data flow without any consent, warning, data minimization, or trust-boundary checks. Even if the listed log lines appear operational, task names, failure reasons, and workflow state can expose sensitive project metadata to a third party or misconfigured recipient.

VirusTotal

66/66 vendors flagged this skill as clean.