
Security audit

Exploration Mode Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is instruction-only, but it asks an agent to run broad autonomous idle-time maintenance and optimization tasks without clear user controls.

Install only if you intentionally want an autonomous idle mode. Before enabling it, restrict the agent to approved folders and tools, require confirmation before writes, deletes, cleanup, optimization, or system changes, and clarify whether any knowledge or self-reflection data is stored and how it can be reviewed or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

High
Confidence: 94%
Finding
The skill explicitly enables autonomous system maintenance, cleanup, optimization, and security review during idle time, but provides no guardrails, approval requirements, scope limits, or warnings about modifying system state or deleting data. In the context of an agent skill, this is dangerous because it normalizes unattended actions on the host environment, increasing the risk of destructive changes, persistence, or privacy-impacting behavior without user awareness.

Vague Triggers

Medium
Confidence: 90%
Finding
The description explicitly advertises an 'autonomous exploration mode' that will automatically execute tasks, but it provides no scope limits, approval requirements, or trigger constraints. In a skill metadata file, this kind of broad autonomy claim can cause downstream systems or users to over-trust unrestricted behavior, increasing the risk of unintended actions, privilege misuse, or unsafe task execution.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
## Description

In exploration mode, the AI autonomously performs tasks during idle time, including research, system maintenance, and self-improvement.

## Modes
Confidence: 91%
Finding
autonomously perform

VirusTotal

66/66 vendors flagged this skill as clean.
