ClawHub

Ai Intelligent Employee Onboarding

Security checks across malware telemetry and agentic risk

Overview

This is a sparse, instruction-only employee onboarding skill with disclosed HR automation behavior, but users should review the external code it asks them to run and set approval controls for real HR workflows.

Before installing, inspect the referenced GitHub repository, requirements.txt, and app.py. Use test data first, confirm where employee information is stored, and require explicit HR/IT approval for equipment, training, account, notification, or fulfillment actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is high-level and does not define clear activation boundaries, approval requirements, or limits on when onboarding automation should run. Because the listed functions include collecting employee data and initiating operational actions, an ambiguous scope increases the risk of unintended execution, overreach, or misuse in sensitive HR workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises automated collection of onboarding materials, device requests, training scheduling, and gift distribution without warning users that these actions may process personal data or create downstream system changes. In an HR context, such undocumented automation can affect employee records, procurement, notifications, and privacy-sensitive information, making accidental or unauthorized actions more dangerous.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal