Workspace Auto Maintenance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workspace maintenance tool, but its repair mode can broadly move files, change permissions, and commit all Git changes without review.

Review this carefully before installing. Use the check mode without --fix first, run it only from the intended workspace root, and avoid --fix unless the repository is backed up or clean and you are comfortable with automatic file moves, permission changes, and Git commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            if status_result.stdout.strip():
                # Stage all changes
                subprocess.run(['git', 'add', '.'], check=True, capture_output=True)
                # Commit
                commit_msg = f"Auto commit: 工作空间自动修复 {datetime.datetime.now().strftime('%Y-%m-%d %H:%M')}"
                subprocess.run(['git', 'commit', '-m', commit_msg], check=True, capture_output=True)
Confidence
97% confidence
Finding
subprocess.run(['git', 'add', '.'], check=True, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
                subprocess.run(['git', 'add', '.'], check=True, capture_output=True)
                # Commit
                commit_msg = f"Auto commit: 工作空间自动修复 {datetime.datetime.now().strftime('%Y-%m-%d %H:%M')}"
                subprocess.run(['git', 'commit', '-m', commit_msg], check=True, capture_output=True)
                print(f"  [OK] 自动提交Git更改")
                fixed_count += 1
        except Exception as e:
Confidence
98% confidence
Finding
subprocess.run(['git', 'commit', '-m', commit_msg], check=True, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
                if file.suffix == '.ps1':
                    try:
                        import subprocess
                        subprocess.run(
                            ['icacls', str(file), '/grant', f'{os.getlogin()}:RX'],
                            capture_output=True,
                            check=True
Confidence
77% confidence
Finding
subprocess.run( ['icacls', str(file), '/grant', f'{os.getlogin()}:RX'], capture_output=True,

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly advertises an automatic repair mode that can archive files, change file permissions, and create Git commits, but the documentation does not clearly warn users about the scope of workspace modifications or require explicit confirmation per action. In an agentic environment, such behavior can cause unintended data movement, permission changes, or source-control side effects, especially if users invoke --fix expecting only low-risk cleanup.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The auto-fix logic moves and renames files in the workspace without a preview or confirmation step. In an agent skill handling user repositories, silent mass modification is dangerous because it can disrupt project behavior, hide files from expected locations, or irreversibly rename artifacts that other tools depend on.

Missing User Warnings

High
Confidence
99% confidence
Finding
This code stages and commits all repository changes with no explicit warning or approval. In a security-sensitive automation context, that can permanently capture sensitive files, normalize malicious modifications, and make detection harder by wrapping everything into an apparently legitimate auto-fix commit.

VirusTotal

67/67 vendors flagged this skill as clean.
