Nova App Builder

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Nova app build/deploy helper, but users should handle the GitHub and Nova credentials carefully.

Install only if you intend to build and deploy Nova apps. Use a fine-grained GitHub token limited to the target repo, avoid embedding tokens in remote URLs when possible, rotate any token exposed in shell history or Git config, review generated code before deployment, and narrow egress settings for production apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
This template helper exposes enclave signing, app-wallet signing, KMS key derivation, attestation, and storage operations as ready-to-use primitives inside a broadly scoped app template. In the context of a skill advertised for building and deploying Nova apps, bundling sensitive cryptographic and state-mutation capabilities without tight scoping or gating increases the chance that generated apps will silently inherit powerful privileged operations they do not need, enabling misuse of enclave identity, derived secrets, or wallet keys.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The template includes persistent storage mutation methods for S3 put/delete even though the skill description centers on scaffolding, building, and deploying apps. Prepackaging write/delete primitives in a default enclave helper lowers the barrier for generated apps to perform silent state changes or destructive actions against platform storage, especially if users assume the template only supports deployment-related functionality.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill tells users to embed a GitHub PAT directly into a remote URL, which can leak credentials through shell history, process listings, Git config, logs, or copied command transcripts. Because the skill handles source deployment, compromise of the PAT could allow repository tampering, source disclosure, or persistence in CI/CD workflows.

Missing User Warnings

Medium
Confidence: 84%
Finding
The kms_derive method derives secret material via Nova KMS with no surrounding warning, consent flow, or indication to downstream users that secret-generation capability exists in the template. In an agent skill that may scaffold code on behalf of users, undisclosed secret-derivation functionality is dangerous because it can be invoked to mint application secrets or identities that users did not realize the generated code could create or depend on.

Missing User Warnings

Medium
Confidence: 82%
Finding
The s3_put and s3_delete methods expose write and destructive storage operations without any visible warning or disclosure to users of the template. In a build/deploy-focused skill, hidden mutation capabilities are risky because generated code can alter or erase persisted data beyond the user's expected scope, and the mismatch between stated purpose and available actions makes accidental or covert misuse more plausible.

VirusTotal

66/66 vendors flagged this skill as clean.
