Acp Router

Security checks across malware telemetry and agentic risk

Overview

This routing skill is mostly coherent, but it can automatically install tooling, restart services, and alter user ACPX configuration without clear user approval.

Review this before installing if you care about local environment control. Ask the agent to require explicit confirmation before npm installs, gateway restarts, direct exec-based acpx commands, or changes to ~/.acpx/config.json, and avoid sending secrets into persistent harness sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill is nominally a routing skill, but it instructs the agent to perform local repair actions such as installing software, restarting the gateway, and retrying automatically. That expands its authority from request dispatch into environment modification, which can change the host state without clear user consent and creates a path for unexpected code installation or service disruption.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The skill directs deletion or removal of user home configuration overrides in ~/.acpx/config.json to restore defaults. A routing skill should not alter persistent user configuration, especially in a home directory, because this can silently remove intentional settings, change execution behavior, and break user-specific security or operational controls.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs running npm install and version-check commands against the local environment without a clear user-facing warning that this will modify installed software. Executing package installation from a skill increases supply-chain and integrity risk, and the lack of explicit consent makes the behavior unsafe even if the package/version is intended to be pinned.

VirusTotal

64/64 vendors flagged this skill as clean.