Agent CLI (Cursor + Qoder)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill that openly routes coding tasks to the Cursor or Qoder CLI. The coding-agent behaviours it describes (unattended edits, workspace trust prompts, persistent configuration files) are powerful; they are disclosed rather than hidden, but users should still handle them carefully.

Install only if you intentionally want Codex to delegate coding work to Cursor or Qoder. Verify official installers before running them, avoid --force or --yolo unless the repository is trusted and scoped, run on a clean branch, review diffs before merging, and clean up tmux sessions or persistent AGENTS/MCP/settings files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The README instructs users to execute a remote installation script directly via `curl ... | bash` without any integrity verification, pinning, or warning. This creates a supply-chain execution path where a compromised server, CDN, DNS, TLS termination point, or upstream script could result in arbitrary code execution on the user's machine.
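The hardened replacement for the `curl ... | bash` pattern this finding describes, as an added example that is not part of the skill's README or the Cursor/Qoder installers: write the script to disk, compare it against a SHA-256 digest pinned from an out-of-band source (release notes, a signed manifest), and only then hand it to the interpreter. `INSTALLER_URL` and `PINNED_SHA256` are placeholders, not the vendors' real values.

```shell
#!/bin/sh
# Added example (not from the skill's README). The URL and digest below are
# hypothetical placeholders; substitute the vendor's installer URL and the
# checksum it publishes out-of-band.
INSTALLER_URL='https://example.invalid/install.sh'
PINNED_SHA256='0000000000000000000000000000000000000000000000000000000000000000'

# sha256_of FILE -> hex digest (GNU coreutils sha256sum or BSD/macOS shasum)
sha256_of() {
    (sha256sum "$1" 2>/dev/null || shasum -a 256 "$1") | awk '{print $1}'
}

# verify_sha256 FILE EXPECTED -> 0 only if the digests match (hex case-insensitive)
verify_sha256() {
    actual=$(sha256_of "$1")
    [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# run_if_verified FILE EXPECTED -> refuses (exit 1) on mismatch; otherwise
# runs the script and returns its exit status. The interpreter never sees
# the file before the check passes.
run_if_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "refusing to run $1: SHA-256 does not match pinned value" >&2
        return 1
    fi
    rc=0
    sh "$1" || rc=$?
    return $rc
}

# fetch_verify_run URL EXPECTED -> the curl|bash replacement: download to a
# temp file over HTTPS/TLS 1.2+ only, verify, then execute.
fetch_verify_run() {
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1"; then
        rm -f "$tmp"
        return 1
    fi
    rc=0
    run_if_verified "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (needs network): fetch_verify_run "$INSTALLER_URL" "$PINNED_SHA256"
```

Pinning a digest does not help if the digest itself was copied from the same page the script came from; take it from a second channel, and re-pin deliberately when the vendor ships a new installer rather than silently accepting whatever the URL serves.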

Missing User Warnings

Medium
Confidence: 92%
Finding
The document explicitly recommends `agent -p "task" --force` and states that it skips confirmation and automatically modifies code, but it does not pair that guidance with strong warnings about unintended edits, destructive changes, or the need to constrain scope in automation. In a code-editing agent skill, normalizing `--force` use can lead to silent mass changes or unsafe execution paths when tasks or repository context are attacker-influenced.

Missing User Warnings

Medium
Confidence: 95%
Finding
The automation example kills an existing tmux session, sends keystrokes into a PTY, and automates a trust action (`a`) for the workspace without validating session ownership, target state, or trustworthiness of the project. In this skill's context, that is risky because it operationalizes blind interaction with an agentic coding tool, making it easier to approve untrusted workspaces or act on malicious repository instructions without human review.
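Two guards that address the second and third findings together, and the overview's advice to run on a clean branch and review diffs, as an added example that is not the skill's own automation: `reviewed_ok` gates the automated trust keystroke on every repo-supplied agent-instruction file matching a manifest you wrote after reading those files yourself, and `scope_ok` rejects the result of a `--force` run whose diff touches paths outside the task's directory or on a denylist. The instruction-file names, the manifest format and the denylist are assumptions to tune per tool, not something the skill defines.

```shell
#!/bin/sh
# Added example, not the skill's own automation. reviewed_ok gates the
# "trust this workspace" step; scope_ok gates merging what a --force run made.

# Repo-supplied files the agent treats as instructions or tool config; a
# hostile repository steers the agent through these. (Assumed list.)
instruction_files() {   # print paths relative to WORKSPACE, one per line
    ( cd "$1" && find . -type f \( -name AGENTS.md -o -name .cursorrules \
        -o -name .mcp.json -o -path './.cursor/rules/*' \) | sed 's#^\./##' )
}

# Paths an automated --force run must never modify (assumed denylist):
# agent instructions, tool config directories, CI, the git directory.
DENY_PATTERNS='^AGENTS\.md$|^\.cursorrules$|^\.cursor/|^\.qoder/|^\.mcp\.json$|^\.github/workflows/|^\.git/'

sha256_of() { (sha256sum "$1" 2>/dev/null || shasum -a 256 "$1") | awk '{print $1}'; }

# reviewed_ok WORKSPACE MANIFEST -> 0 only if every instruction file in the
# workspace has a matching "<sha256>  <path>" line in MANIFEST (sha256sum -c
# format, written by hand after review). New or edited files fail, so the
# trust action is never automated for content nobody has read.
reviewed_ok() {
    ws="$1"; manifest="$2"; bad=0
    [ -r "$manifest" ] || { echo "no review manifest: $manifest" >&2; return 1; }
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        if ! grep -qxF "$(sha256_of "$ws/$rel")  $rel" "$manifest"; then
            echo "unreviewed instruction file: $rel" >&2; bad=1
        fi
    done <<EOF
$(instruction_files "$ws")
EOF
    return $bad
}

# changed_paths DIFF -> one path per "diff --git a/X b/X" header
changed_paths() { awk '/^diff --git / { sub(/^b\//, "", $4); print $4 }' "$1"; }

# scope_ok DIFF ALLOWED_PREFIX -> 0 only if every changed path is under
# ALLOWED_PREFIX and matches nothing in DENY_PATTERNS. Run it on the diff
# between the clean branch and the agent's result before merging.
scope_ok() {
    diff="$1"; allowed="$2"; bad=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        case "$p" in
            "$allowed"*) ;;
            *) echo "out of scope: $p" >&2; bad=1 ;;
        esac
        if printf '%s\n' "$p" | grep -Eq "$DENY_PATTERNS"; then
            echo "protected path modified: $p" >&2; bad=1
        fi
    done <<EOF
$(changed_paths "$diff")
EOF
    return $bad
}

# Usage sketch (the tmux and agent invocations themselves are not run here):
#   reviewed_ok "$PWD" reviewed.sha256 || exit 1    # only then send the trust key
#   git diff main > run.diff && scope_ok run.diff src/ || exit 1
```

Both checks are deliberately pre- and post-conditions around the agent rather than filters on its output: a repository that can rewrite `AGENTS.md` or `.cursor/rules` between your review and the run, or an agent that edits CI under the cover of a refactor, is exactly what a blind `tmux send-keys` loop cannot notice.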

VirusTotal

66/66 vendors flagged this skill as clean.
