Security audit

Workspace Org

Security checks across malware telemetry and agentic risk

Overview

This is a transparent workspace-organization skill whose main risk is that an optional command can move local workspace files if the user runs it in execute mode.

Install this only if you want agents to follow a strict files/ workspace layout. Before running apply.py with --execute, run the dry run, confirm the workspace path, and review every proposed move. Treat files/tmp/ and processed inbox/outbox items as disposable under this convention, and do not place secrets or important originals there unless that handling is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 80%
Finding:
The trigger language is broad enough that the skill could activate during many ordinary file-management or workspace-related tasks, causing it to influence agent behavior unexpectedly. In a multi-agent setting, unintended activation can lead to unsolicited file moves, compliance checks, or cleanup recommendations that alter workflows or touch user data without a clear request.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill advertises cleanup and migration behavior, including auto-cleanup of `files/tmp/`, clearing inboxes after processing, and an `apply.py --execute` path that migrates existing files, but it does not prominently require user confirmation or warn about destructive consequences. In workspace-management context, those actions can cause data loss, overwrite organizational intent, or disrupt other agents by moving or removing files based on broad conventions rather than explicit authorization.

VirusTotal

64/64 vendors flagged this skill as clean.