Session Handoff

Security checks across malware telemetry and agentic risk

Overview

This skill creates and checks session handoff notes locally. Its behavior matches its stated purpose; the two points that need caution are context that persists from one session into the next and handoff files whose origin you cannot vouch for.

Install only from a trusted or pinned source. Review generated handoff files before resuming from them, keep secrets and personal data out of handoffs, and treat old or externally supplied handoff documents as untrusted until you verify their project path and contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
88%
Finding
The skill instructs the agent to execute local Python scripts and interact with the filesystem, but the skill metadata declares no permissions. This creates a capability/permission mismatch: a caller or reviewer may assume the skill is documentation-only while it actually performs shell execution, file reads, and file writes, increasing the chance of unintended code execution or data exposure if the referenced scripts or paths are unsafe.

Vague Triggers

Severity
Medium
Category
Trigger Abuse
Confidence
94%
Finding
The README advertises very broad trigger phrases such as 'save progress' and 'continue where we left off', which are common in normal conversation and can cause accidental or over-broad invocation. In an agent skill system, unintended activation can expose project state, create persistent artifacts, or alter workflow at moments the user did not explicitly intend.

Unvalidated Output Injection

Severity
High
Category
Output Handling
Content
import subprocess

def run_cmd(cmd: list[str], cwd: str = None) -> tuple[bool, str]:
    """Run a command and return (success, output)."""
    try:
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
            cwd=cwd,
        )
    except OSError as exc:
        return False, str(exc)
    # Raw captured output goes straight back to the caller: nothing here validates cmd, bounds the output or strips control sequences.
    return result.returncode == 0, result.stdout + result.stderr
Confidence
75%
Finding
The run_cmd helper passes its argument list to subprocess.run with capture_output=True and hands the captured output back to the caller. The excerpt shows no check on which program is executed, no bound on the size of the output, and no sanitisation of it before the agent consumes it, so a command whose output contains instruction-like text or terminal escape sequences is returned verbatim into the agent's context.

Session Persistence

Severity
Medium
Category
Rogue Agent
Content
# Session Handoff

Create comprehensive handoff documents that enable fresh AI agents to seamlessly continue work with zero ambiguity. Solves the long-running agent context exhaustion problem.

## What's Inside
Confidence
88%
Finding
The README's stated purpose is to produce handoff documents so that a fresh agent can resume work from a previous session. That is, by design, state that persists across sessions and is consumed by a later agent without the originating conversation's context, which is the session-persistence pattern this category flags: whatever is written into a handoff is carried forward and acted on.

VirusTotal

0 of 65 VirusTotal vendors flagged this skill; all 65 report it clean.

View on VirusTotal