Skill Install Guard|技能安装守门员

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed install-review helper that can run a user-provided install command, so it is useful but should be used carefully.

Use dry-run or stop-before-install first, review the generated report, and only provide a simple trusted install command such as a known ClawHub install invocation. Avoid privileged commands or shell interpreters, set an expected directory, and treat the tool as review support rather than a guarantee that a target skill is safe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Finding: subprocess module call
Severity: Medium
Category: Dangerous Code Execution
Content (surrounding source lines from the scanned skill):
    "Install command must be a direct executable invocation without shell operators: "
                + ", ".join(sorted(set(bad)))
            )
        return subprocess.run(argv, cwd=str(cwd) if cwd else None, text=True, capture_output=True)


    def maybe_json(text: str):
Confidence: 88%
Flagged line:
    return subprocess.run(argv, cwd=str(cwd) if cwd else None, text=True, capture_output=True)

VirusTotal

64/64 vendors reported this skill as clean (no detections).
