Cc Coder

Security checks across malware telemetry and agentic risk

Overview

This coding skill is generally aligned with its purpose, but it tells agents to bypass approval safeguards during broad programming tasks.

Review before installing. Use only in trusted repositories, avoid or remove `--dangerously-skip-permissions`, verify the local `claude` binary, and require explicit confirmation before file edits, command execution, server starts, or Git commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%

Finding: The skill explicitly instructs use of `claude -p --dangerously-skip-permissions`, which disables approval safeguards for potentially sensitive actions. In a code-writing skill, this creates a direct path for unattended file changes and other privileged operations without user review, increasing the chance of unauthorized or unsafe execution.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%

Finding: The workflow expands from generating code into running syntax checks, launching servers, and testing applications, which broadens the operational footprint beyond the stated purpose of code writing. This increases risk because execution-oriented steps can affect the host environment, expose services, or interact with untrusted project code.

Description-Behavior Mismatch

Severity: Low
Confidence: 90%

Finding: Including Git commit actions in the example extends the skill into repository mutation, which is outside the manifest's stated code-writing scope. Repository writes can prematurely persist unsafe or unreviewed changes and may be combined with permission bypass to create durable impact.

Vague Triggers

Severity: High
Confidence: 87%

Finding: The trigger conditions are extremely broad, causing the skill to activate for almost any programming-related request. Over-broad activation increases the chance that risky behaviors in the skill, including permission bypass and execution steps, are invoked in contexts where they are unnecessary or unexpected.

Missing User Warnings

Severity: High
Confidence: 99%

Finding: The markdown directs operators to use a permission-skipping command but provides no warning, justification, or requirement for explicit user authorization. Omitting risk disclosure normalizes unsafe operation and makes it more likely that privileged actions will be taken silently in routine coding tasks.

VirusTotal

65/65 vendors flagged this skill as clean.