Agent Guru

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only guide for production agent design; its risky examples are relevant to the topic but should be hardened before use.

Safe to install as a reference guide. Do not copy the snippets into production unchanged: add redaction for logs, explicit trust boundaries for memory files, secret-safe database configuration, access checks for session resume, and retention/deletion controls for persisted memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The design loads AGENT.md-style memory files not only from the working directory but also from user-home and system-wide locations, then injects that content into every system prompt. This creates an implicit trust boundary violation: unreviewed local files can silently steer agent behavior, leak sensitive local context into prompts, or enable prompt-injection persistence across sessions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The file recommends injecting persistent memory content into every system prompt without a user-facing warning or trust model, and the implementation searches multiple filesystem locations automatically. In a production multi-agent setting, this is dangerous because prompt behavior can be persistently modified by local files outside the immediate project, increasing the risk of stealthy instruction poisoning and unintended disclosure of sensitive context.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The long-term memory design stores decisions, preferences, and knowledge in a persistent vector store, but the example provides no concrete consent, retention, deletion, or data-minimization controls beyond a brief note in the mistakes table. That can lead to inadvertent retention of sensitive user data, cross-session privacy leakage, and unauthorized recall of historical content into future prompts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The telemetry guidance and example code explicitly capture prompt previews, tool inputs, and tool outputs and emit them to a sink without any redaction, classification, or warning about sensitive-data handling. In a production multi-agent setting, those fields can contain secrets, personal data, source code, internal documents, or regulated content, and forwarding them to logs or third-party observability backends can create a secondary data-exposure channel.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The example hardcodes a PostgreSQL connection string containing a username and password directly in source. Even though this appears to be documentation, production-agent-design guidance is likely to be copied verbatim into real systems, which can lead to credential leakage in repositories, logs, and shared docs and normalizes insecure secret handling.

VirusTotal

62/62 vendors flagged this skill as clean.