clawlite-office-hours

Security checks across malware telemetry and agentic risk

Overview

This skill is a product-planning assistant that reads project context and may create a design document, with no executable code or hidden high-risk behavior found.

Install this if you are comfortable with the agent reading the current repository and git history and creating a planning document. Before using it, tell the agent where to save the document and to avoid overwriting existing files without approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to write a design document into the project directory, which causes a repository-modifying side effect without first requiring user confirmation or warning. In an agent setting, unsolicited file creation can clutter the repo, overwrite intended workflow expectations, and normalize unsafe autonomous modifications that users did not authorize.

VirusTotal

65/65 vendors flagged this skill as clean.