six-agent-orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a local multi-agent workflow template with overstated automation, but no evidence of hidden access, exfiltration, destructive behavior, or privilege abuse.

Install only if you want a structured multi-agent workflow template. Do not rely on its token limits, red-line checks, agent dispatch, or verification as enforced safeguards: the checks either warn without blocking or are never called, so review generated work yourself and keep an eye on the local log/quota JSON files it may create.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The function presents itself as a quota enforcement mechanism, but it only emits warnings and always returns True, so execution continues even after the configured limits are exceeded. In an agent orchestration context this can lead to uncontrolled token consumption, cost overruns, and bypass of the safety/resource governance that operators may wrongly assume is enforced.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The code defines a red-line policy with interception messaging, but the check is never called from execute_phase or execute, so prohibited actions are not actually prevented. This creates a dangerous mismatch between the documented safety controls and the real behavior, and would allow unsafe or unauthorized agent actions to proceed if the template is later wired to real agent execution.
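The two findings above describe the same defect: a control that is documented as enforcement but cannot stop anything, either because it returns True after warning or because nothing calls it. The block below is an added illustration, not the skill's own code (the page does not show it); the names TokenQuota, RED_LINES, Orchestrator and probe_controls are hypothetical. It places each divergent pattern beside an enforced version and adds a black-box probe a reviewer can run against an orchestrator to confirm whether its safeguards actually block execution rather than trusting the docstrings.

```python
"""Constructed example of warn-only and never-wired safeguards beside
enforced ones. Hypothetical names; not code from the scanned skill."""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("orchestrator")


class QuotaExceeded(RuntimeError):
    pass


class RedLineViolation(RuntimeError):
    pass


@dataclass
class TokenQuota:
    limit: int
    used: int = 0

    def check_warn_only(self, tokens: int) -> bool:
        """Divergent pattern: looks like enforcement, always returns True."""
        self.used += tokens
        if self.used > self.limit:
            log.warning("quota exceeded: %d/%d", self.used, self.limit)
        return True  # caller keeps going no matter what

    def check(self, tokens: int) -> bool:
        """Enforced: refuse the spend before it happens."""
        if self.used + tokens > self.limit:
            raise QuotaExceeded(f"{self.used + tokens}/{self.limit}")
        self.used += tokens
        return True


# Hypothetical red-line policy: substrings that must never reach execution.
RED_LINES = ("rm -rf", "curl ", "sudo ")


def red_line_check(action: str) -> None:
    """Raises on a prohibited action. Only useful if something calls it."""
    for pattern in RED_LINES:
        if pattern in action:
            raise RedLineViolation(f"intercepted: {pattern!r} in {action!r}")


@dataclass
class Orchestrator:
    quota: TokenQuota
    enforce: bool = True
    executed: list = field(default_factory=list)

    def execute_phase(self, action: str, tokens: int) -> str:
        if self.enforce:
            red_line_check(action)  # policy wired into the execution path
            self.quota.check(tokens)
        else:
            # Divergent variant: red_line_check is defined but never called,
            # and the quota check cannot fail.
            self.quota.check_warn_only(tokens)
        self.executed.append(action)
        return "ok"


def probe_controls(orch: Orchestrator) -> dict:
    """Black-box check: does each documented safeguard stop execution?

    Sends one over-quota spend and one red-lined action; a control counts as
    enforced only if it raises. Warnings in the log do not count.
    """
    results = {}
    try:
        orch.execute_phase("echo benign", orch.quota.limit + 1)
        results["quota_enforced"] = False
    except QuotaExceeded:
        results["quota_enforced"] = True
    try:
        orch.execute_phase("sudo rm -rf /tmp/scratch", 0)
        results["red_line_enforced"] = False
    except RedLineViolation:
        results["red_line_enforced"] = True
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("warn-only:", probe_controls(Orchestrator(TokenQuota(100), enforce=False)))
    print("enforced: ", probe_controls(Orchestrator(TokenQuota(100), enforce=True)))
```

The probe is the part worth keeping: it ignores what a check says about itself and only records whether the action went through. Run it against any orchestration template before treating its quotas or red lines as controls.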

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases are very broad and include generic terms such as '多Agent协作' (multi-agent collaboration), 'agent团队' (agent team), and 'multi-agent', so the skill can activate in many unrelated conversations about multi-agent systems. Over-broad activation can hijack user intent, inject rigid workflow instructions into unrelated tasks, and raise the chance that its code/file-handling behavior is invoked unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
