coding-agent-common

Security checks across malware telemetry and agentic risk

Overview

This instruction-only coding-agent skill is coherent, but it prominently normalizes permission-bypass, auto-approval, background execution, and PR publishing workflows that can change real projects without enough user gating.

Install only if you intentionally want a skill that launches external coding agents with broad local authority. Use it in a temporary worktree or disposable project copy; avoid yolo and permission-bypass modes unless the repository is trusted and backed up; monitor background sessions; review diffs before pushing; and confirm the active git remote and GitHub account before running PR commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability
Medium, 95% confidence
Finding: The skill explicitly instructs use of `claude --permission-mode bypassPermissions --print` and presents it as the correct/default usage. That normalizes unrestricted execution by a coding agent that may read, modify, and run code without an approval boundary, substantially increasing the chance of unintended or unsafe actions.

Context-Inappropriate Capability
Medium, 78% confidence
Finding: The skill goes beyond local coding assistance and documents `git push` and `gh pr create`, enabling remote publication of generated changes. This expands the operational scope from coding into external collaboration and data egress, which is riskier if the agent produces unsafe code, mishandles secrets, or pushes unintended changes.

Missing User Warnings
Medium, 94% confidence
Finding: The examples encourage running coding agents in bypass/auto-approval modes without prominently warning that they can execute commands and change files autonomously. Users may copy these commands as-is, resulting in broad code modification or command execution with insufficient awareness of the risks.

Missing User Warnings
Medium, 89% confidence
Finding: The guide lists `--yolo` as an available mode and describes it as the fastest, but does not strongly discourage its use in the command guidance that users are most likely to copy from. Because `--yolo` removes sandboxing and approvals, it materially raises the chance of destructive filesystem, git, or network actions.

Missing User Warnings
Medium, 98% confidence
Finding: The documentation repeatedly recommends running Claude Code with `--permission-mode bypassPermissions`, which disables safety/approval checks for code execution. In a coding-agent skill that is explicitly intended for building, refactoring, bug fixing, and iterative coding, this materially increases the chance that model-generated commands can modify files, run risky shell commands, or access sensitive resources without user review.

Missing User Warnings
Medium, 92% confidence
Finding: The documentation explicitly recommends `--full-auto` or `--yolo` to bypass interactive confirmation, including labeling `--yolo` as dangerous, but it does not clearly explain the security consequences or require cautious, scoped use. In a coding-agent skill that wraps powerful code-execution tools, guidance that normalizes high-autonomy modes can lead users or downstream agents to execute destructive, unsandboxed, or unintended actions without review.

VirusTotal

VirusTotal findings are pending for this skill version.