Agent Harness Engineering

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed repository-scaffolding skill that makes persistent project documentation and check-script changes, with no evidence of credential access, exfiltration, or destructive behavior.

Install only if you want a skill that can modify a repository's AGENTS.md, docs/agent files, helper scripts, and possibly a CLAUDE.md symlink. Run the bootstrap with --dry-run first, verify the --repo path, inspect the diff before committing, and be aware the reviewed package appears to be missing referenced template assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to inspect repositories, run a bootstrap script, modify files, create symlinks, and wire validation into CI, which are file-read, file-write, and shell-execution capabilities. Because these capabilities are not declared through an explicit permissions model, consumers cannot accurately scope or review what the skill is allowed to do, increasing the chance of over-privileged execution or unsafe automation in sensitive repositories.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The default prompt is very broad and encourages use whenever a user wants to 'improve project-wide development discipline,' which can match many vague repository-management requests. In combination with agent ecosystems that auto-select skills from prompt text, this increases the chance of unintended activation and repository-wide modifications without a tightly scoped user request.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Enabling implicit invocation without any narrowing conditions allows the skill to be selected automatically based on loose semantic similarity rather than explicit consent. Because this skill is designed to bootstrap or modify project-wide documentation, checks, and CI structure, unintended invocation could cause broad and invasive repository changes.

VirusTotal

47/47 vendors flagged this skill as clean.