Enterprise Agent OS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate enterprise access-orchestration skill, but it asks for sensitive SaaS credentials and documents high-impact operations without enough scoping or safety controls.

Review before installing in any production environment. Use least-privilege demo or test credentials first, keep .env files and service-account JSON outside repositories, restrict admin/test endpoints to non-production, and require explicit confirmation before permission checks, workflow execution, audit exports, or any action that can disrupt services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium (93% confidence)
Finding
The examples document administrative test endpoints that can kill and recover adapters, effectively simulating or causing service disruption. In an enterprise orchestration skill, exposing such capabilities in general usage documentation materially increases the chance that an agent or operator invokes disruptive actions outside a controlled test environment.

Missing User Warnings

Severity: High (89% confidence)
Finding
Documenting kill/recover admin endpoints without any warning normalizes destructive operations and increases the chance of accidental or unauthorized service disruption. In a skill meant for agent consumption, such examples can be especially dangerous because an agent may treat them as standard supported actions.

Missing User Warnings

Severity: Medium (91% confidence)
Finding
The quickstart instructs users to place Salesforce client credentials directly into a local .env file but does not warn against committing that file, sharing it, or exposing secrets in logs and screenshots. In an enterprise permission-orchestration system, leaked connector credentials could grant broad access to integrated SaaS systems and enable unauthorized permission checks or downstream data access.

Missing User Warnings

Severity: High (97% confidence)
Finding
The guide tells users to create and download a Google service account JSON key and reference it from the environment without any warning about secure storage, filesystem permissions, or avoiding long-lived keys. A stolen service account key can provide durable API access to Google Workspace resources, which is especially dangerous in a cross-system enterprise automation skill.
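A pre-install hygiene check covering both credential findings above (the Salesforce .env file and the Google service-account JSON key). This is an added example, not code from the Enterprise Agent OS skill or its guides: the file names, the environment-variable names in SECRET_ENV_KEYS, and the sample repository it builds in a temporary directory are all constructed for illustration, and the gitignore matching is deliberately simplified.

```python
"""Pre-install hygiene check for the credentials this skill asks for.

Added example, not part of the Enterprise Agent OS skill. It assumes the
Salesforce quickstart writes a local .env and the Google guide produces a
service-account JSON key; file names, env-var names and sample contents are
constructed for illustration.
"""
import fnmatch
import json
import stat
import tempfile
from pathlib import Path

# Env keys whose values are secrets or point at secrets (assumed names).
SECRET_ENV_KEYS = {"SALESFORCE_CLIENT_SECRET", "SALESFORCE_CLIENT_ID",
                   "GOOGLE_APPLICATION_CREDENTIALS"}


def gitignore_patterns(repo: Path) -> list:
    gi = repo / ".gitignore"
    if not gi.exists():
        return []
    return [ln.strip() for ln in gi.read_text().splitlines()
            if ln.strip() and not ln.startswith("#")]


def is_ignored(path: Path, repo: Path) -> bool:
    """Simplified gitignore match: file name or repo-relative path against each pattern."""
    rel = path.relative_to(repo).as_posix()
    return any(fnmatch.fnmatch(path.name, p.rstrip("/")) or fnmatch.fnmatch(rel, p.rstrip("/"))
               for p in gitignore_patterns(repo))


def group_or_world_readable(path: Path) -> bool:
    return bool(stat.S_IMODE(path.stat().st_mode) & 0o077)


def audit_secrets(repo: Path, env_file: Path, sa_key: Path) -> list:
    """Return (code, detail) findings for the .env file and the service-account key."""
    findings = []

    def inside_repo(p: Path) -> bool:
        return repo.resolve() in p.resolve().parents

    if env_file.exists():
        keys = {ln.split("=", 1)[0].strip() for ln in env_file.read_text().splitlines()
                if "=" in ln and not ln.lstrip().startswith("#")}
        present = sorted(keys & SECRET_ENV_KEYS)
        if present:  # informational: this is what leaks if the file escapes
            findings.append(("ENV_CONTAINS_SECRETS", ", ".join(present)))
        if inside_repo(env_file) and not is_ignored(env_file, repo):
            findings.append(("ENV_NOT_IGNORED", ".env is inside the repo and not in .gitignore"))
        if group_or_world_readable(env_file):
            findings.append(("ENV_WORLD_READABLE", ".env mode should be 0600"))

    if sa_key.exists():
        if inside_repo(sa_key):
            findings.append(("SA_KEY_IN_REPO", "store the key outside the working tree"))
            if not is_ignored(sa_key, repo):
                findings.append(("SA_KEY_NOT_IGNORED", f"{sa_key.name} is not in .gitignore"))
        if group_or_world_readable(sa_key):
            findings.append(("SA_KEY_WORLD_READABLE", f"{sa_key.name} mode should be 0600"))
        try:
            data = json.loads(sa_key.read_text())
        except json.JSONDecodeError:
            data = {}
        if data.get("type") == "service_account" and "private_key" in data:
            findings.append(("SA_KEY_LONG_LIVED", "downloaded key never expires; prefer "
                             "workload identity federation or short-lived tokens, rotate if it must exist"))
    return findings


def constructed_sample(fixed: bool) -> list:
    """Build a throwaway repo as the quickstart leaves it (or hardened) and audit it."""
    with tempfile.TemporaryDirectory() as d, tempfile.TemporaryDirectory() as outside:
        repo = Path(d)
        env_file = repo / ".env"
        sa_key = (Path(outside) if fixed else repo) / "sa-key.json"
        env_file.write_text("SALESFORCE_CLIENT_ID=placeholder-id\n"
                            "SALESFORCE_CLIENT_SECRET=placeholder-secret\n"
                            f"GOOGLE_APPLICATION_CREDENTIALS={sa_key}\n")
        sa_key.write_text(json.dumps({  # constructed: real field names, fake values
            "type": "service_account", "project_id": "demo-project", "private_key_id": "0000",
            "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----\n",
            "client_email": "demo@demo-project.iam.gserviceaccount.com"}))
        for p in (env_file, sa_key):
            p.chmod(0o600 if fixed else 0o644)
        (repo / ".gitignore").write_text(".env\n*.json\n" if fixed else "__pycache__/\n")
        return sorted(code for code, _ in audit_secrets(repo, env_file, sa_key))


if __name__ == "__main__":
    print("as left by the quickstart:", constructed_sample(fixed=False))
    print("hardened:", constructed_sample(fixed=True))
```

The hardened layout still reports SA_KEY_LONG_LIVED on purpose: tightening permissions and .gitignore contains the key, but only replacing the downloaded key with short-lived credentials removes the durable-access risk the finding describes.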

Vague Triggers

Severity: Medium (88% confidence)
Finding
The README states that agents will automatically use this skill for broad, common enterprise topics such as permission checks, access issues, compliance reporting, and mentions of several major SaaS platforms together. In an agent ecosystem, overly broad auto-invocation criteria can cause the skill to activate in contexts beyond its intended scope, unnecessarily exposing enterprise context and influencing workflows involving sensitive permissions and cross-system actions.

Vague Triggers

Severity: Medium (92% confidence)
Finding
The auto-trigger list contains broad enterprise phrases such as permission, workflow, and integration requests that are likely to overlap with many normal user prompts. In a skill capable of permission checks, workflow creation, and audit operations, unintended invocation can expose sensitive metadata or trigger high-impact enterprise actions without sufficiently explicit user intent.
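One way to put numbers on both trigger findings above before installing the skill: run the trigger list against a corpus of prompts and count how many unrelated prompts would activate it. This is an added example, not the skill's own trigger list or matcher; BROAD_TRIGGERS mirrors the generic phrases the findings describe, NARROW_TRIGGERS is a hypothetical tightened set, and every prompt is constructed.

```python
"""Measure how often auto-invocation triggers fire on unrelated prompts.

Added example, not the skill's own trigger list or matching logic. Both
trigger sets and all prompts are constructed for illustration.
"""
import re
from typing import List

# Single generic words of the kind the findings flag.
BROAD_TRIGGERS = ["permission", "workflow", "integration", "access",
                  "compliance", "audit", "salesforce", "google workspace"]
# Hypothetical narrower phrases that tie an action to the access-orchestration domain.
NARROW_TRIGGERS = ["permission check", "compliance audit",
                   "google workspace access", "access workflow", "salesforce permission"]

IN_SCOPE = [  # constructed prompts the skill should handle
    "Run a permission check for jdoe on Salesforce Opportunity records.",
    "Export the compliance audit for Q3 to CSV.",
    "Why does jdoe have no Google Workspace access to the shared drive?",
    "Kick off the access workflow to onboard the new contractor.",
]
OUT_OF_SCOPE = [  # constructed prompts with nothing to do with enterprise access
    "Can you fix the file permission error in my Dockerfile?",
    "Draft a marketing workflow for the product launch blog.",
    "What is the integration of x^2 from 0 to 1?",
    "Summarize this article about Salesforce's quarterly earnings.",
    "Can I access the beta of your image model?",
    "Write a haiku about autumn.",
]


def matches(prompt: str, triggers: List[str]) -> List[str]:
    """Triggers that occur in the prompt as whole words or phrases, case-insensitive."""
    return [t for t in triggers
            if re.search(r"\b" + re.escape(t) + r"\b", prompt, re.IGNORECASE)]


def activation_report(triggers: List[str], in_scope: List[str], out_of_scope: List[str]) -> dict:
    """Recall on in-scope prompts and false activations on out-of-scope prompts."""
    hits_in = [p for p in in_scope if matches(p, triggers)]
    false_hits = [p for p in out_of_scope if matches(p, triggers)]
    return {"recall": (len(hits_in), len(in_scope)),
            "false_activations": (len(false_hits), len(out_of_scope)),
            "false_hits": false_hits}


if __name__ == "__main__":
    for name, triggers in (("broad", BROAD_TRIGGERS), ("narrow", NARROW_TRIGGERS)):
        report = activation_report(triggers, IN_SCOPE, OUT_OF_SCOPE)
        print(name, "recall", report["recall"], "false activations", report["false_activations"])
        for p in report["false_hits"]:
            print("   would activate on:", p)
```

On this corpus the broad list activates on 5 of 6 unrelated prompts with no gain in recall over the narrow list, which is the practical meaning of the two findings: each generic word admits a whole class of prompts that have nothing to do with permission orchestration. Replace the constructed prompts with a sample of your organisation's real agent traffic before drawing conclusions.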

Missing User Warnings

Severity: Medium (95% confidence)
Finding
The skill describes sensitive operations involving system credentials, access checks, workflow orchestration, and audit export, but it does not present explicit privacy, authorization, or operational-risk warnings to the user. This increases the chance that an agent or operator invokes actions affecting access control or regulated data without informed consent or awareness of downstream impact.
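The overview's mitigation (restrict admin/test endpoints to non-production and require explicit confirmation before permission checks, workflow execution, audit exports or disruptive actions) and the three findings on the kill/recover endpoints and missing warnings all point at the same control: a policy check between the agent and the skill's tools. The following is an added example of such a gate, not code from the Enterprise Agent OS skill; the operation names (kill_adapter, permission_check, and so on) and the SKILL_ENV variable are assumptions chosen to mirror the operations the findings describe.

```python
"""Confirmation and environment gate for high-impact skill operations.

Added example, not code from the Enterprise Agent OS skill. Tool names and the
SKILL_ENV variable are assumptions mirroring the operations the findings describe.
"""
import os
from dataclasses import dataclass, field
from typing import Any, Callable, Optional

# Operation classes taken from the findings; map the skill's real tool names onto these.
DISRUPTIVE_OPS = {"kill_adapter", "recover_adapter"}               # admin/test endpoints
SENSITIVE_OPS = {"permission_check", "execute_workflow", "export_audit"}
NON_PRODUCTION = {"dev", "test", "staging"}


class GateError(PermissionError):
    """Raised when the gate refuses to run an operation."""


@dataclass
class OperationGate:
    """Policy enforcement point between the agent and the skill's tools."""

    # Deployment environment comes from operator-controlled configuration
    # (assumed variable SKILL_ENV), never from the agent's own arguments.
    # An unset value defaults to the most restrictive option.
    environment: str = field(default_factory=lambda: os.environ.get("SKILL_ENV", "prod"))
    audit: list = field(default_factory=list)

    def decide(self, op: str, confirmed: bool) -> Optional[str]:
        """Return a refusal reason, or None if the operation may proceed."""
        if op in DISRUPTIVE_OPS and self.environment not in NON_PRODUCTION:
            return f"{op}: disruptive admin endpoints are blocked in {self.environment}"
        if op in DISRUPTIVE_OPS | SENSITIVE_OPS and not confirmed:
            return f"{op}: explicit operator confirmation required"
        return None

    def run(self, op: str, fn: Callable[..., Any], *args: Any,
            confirmed: bool = False, **kwargs: Any) -> Any:
        """Run fn only if policy allows. `confirmed` must be the answer to a
        human prompt in the operator UI; an agent setting it on its own
        defeats the gate. Every attempt, allowed or not, is recorded."""
        reason = self.decide(op, confirmed)
        self.audit.append({"op": op, "env": self.environment,
                           "allowed": reason is None, "reason": reason})
        if reason is not None:
            raise GateError(reason)
        return fn(*args, **kwargs)


def demo() -> dict:
    """Exercise the gate with stub tools; returns an outcome string per scenario."""
    def stub(name: str) -> Callable[..., str]:
        return lambda **kw: f"{name} ok"

    scenarios = [  # (op, environment, confirmed)
        ("kill_adapter", "prod", True),        # blocked regardless of confirmation
        ("kill_adapter", "test", True),        # allowed: non-production and confirmed
        ("kill_adapter", "test", False),       # blocked: no confirmation
        ("permission_check", "prod", False),   # blocked: sensitive without confirmation
        ("permission_check", "prod", True),    # allowed
        ("list_adapters", "prod", False),      # read-only, not gated
    ]
    results = {}
    for op, env, confirmed in scenarios:
        gate = OperationGate(environment=env)
        try:
            results[(op, env, confirmed)] = gate.run(op, stub(op), confirmed=confirmed)
        except GateError as exc:
            results[(op, env, confirmed)] = "blocked: " + str(exc)
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(key, "->", outcome)
```

The two inputs the gate trusts, the environment name and the confirmation flag, are exactly the ones that must not be derivable from the agent's context: read the environment from deployment configuration and source the confirmation from a human-facing prompt, otherwise a prompt-injected instruction can satisfy both.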

VirusTotal

64/64 vendors flagged this skill as clean. An antivirus verdict covers the packaged files only; it says nothing about the credential-handling, trigger-scoping and missing-warning findings above, which concern how the skill is documented and invoked rather than malicious code.
