Universal Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an autonomous command-and-script executor, but its scope and persistence are too broad for the safeguards it provides.

Install only if you intend to run a broad autonomous executor. Use it in a disposable, low-privilege sandbox; avoid secrets and production data; disable memory for sensitive work; do not use dangerous mode; and inspect generated commands/scripts before execution. Avoid hardware control, account actions, financial/business mutations, and broad filesystem tasks unless you add stronger confirmation and containment controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are broad enough to match many ordinary requests like 'help me do X automatically' or 'generate code and run it,' which can cause this highly privileged skill to activate unintentionally. Because the skill is designed for autonomous code generation and execution, accidental invocation materially raises the risk of unsafe actions.

Vague Triggers

Medium
Confidence: 96%
Finding
The 'When to Use' guidance covers an extremely wide class of requests, including file operations, system administration, CLI tools, and API calls, without defining boundaries. This broad activation surface makes it more likely that the skill will be selected in contexts where safer, narrower tools should be used instead.

Missing User Warnings

High
Confidence: 99%
Finding
The skill prominently describes end-to-end automatic command and script execution, including control over software and hardware, but does not present an equally prominent warning about the risks of executing generated code. In this context, missing warnings are dangerous because users may not realize the skill can perform destructive, privacy-impacting, or irreversible actions.

Missing User Warnings

High
Confidence: 98%
Finding
The capability list explicitly includes system administration, file operations, API calls, and hardware control, but the markdown does not pair those claims with clear user-facing cautions and safeguards. Given the breadth of impact, omission of warnings materially increases the chance of misuse or unsafe reliance on the skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
Inline Simulation mode explicitly says that safety, retry, and memory protections are not used, yet it does not clearly instruct users or host agents not to rely on this mode for risky operations. That creates a hazardous gap where the most permissive mode may be used without the safeguards described elsewhere in the skill.

Ssd 3

Medium
Confidence: 88%
Finding
The documentation explicitly promotes persistent memory across sessions and storage of learned knowledge and variables, creating a real risk that sensitive prompts, secrets, or operational data will be retained in plaintext and later disclosed or reused unintentionally. In a universal agent that auto-generates and executes commands, this retained context materially increases the chance of privacy leakage and cross-task data contamination.

Ssd 3

Medium
Confidence: 90%
Finding
The interactive `remember X` command encourages arbitrary retention of user-supplied information without any visible safeguards around sensitivity, scope, or expiration. In this skill's context, users may ask the agent to handle credentials, system details, or business data, so a generic memory primitive can lead to persistent storage and later leakage of sensitive information.

VirusTotal

67/67 vendors flagged this skill as clean.