AgentHub Manager

Security checks across malware telemetry and agentic risk

Overview

This AgentHub management plugin does what its stated purpose describes, but it installs and runs powerful local and business-changing components behind weak user gating and with unsafe shell command construction.

Review before installing. Only use this in a controlled environment where you expect it to install Python packages, start background AgentHub processes, modify agent config files, and perform order operations. Avoid using untrusted config paths or config filenames, and do not install it on a production host unless the postinstall behavior, shell command construction, authentication, and confirmation requirements are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises tools that can start and stop agents, edit configuration files, and perform order operations, but it does not warn users that these actions can change system state or trigger real business effects. In an agent/plugin context, that omission increases the chance of unsafe use, accidental service disruption, or unintended order creation because operators may treat the tools as informational rather than operational.

Missing User Warnings

Medium
Confidence: 99%
Finding
The code builds a shell command by interpolating configFile or configDir into a grep pipeline and passes it to execSync, which allows shell metacharacter injection if those inputs are attacker-controlled. Because this is an agent skill, the paths may come from external configuration or user-driven workflow state, which makes command execution in the agent runtime significantly more dangerous than in a purely local utility.

Missing User Warnings

Medium
Confidence: 91%
Finding
The tool launches a detached background process using a shell command without any confirmation gate, making it easy for an agent workflow to start long-lived software on the host unexpectedly. In an agent skill context, that can create unintended persistence, consume resources, and bypass normal user awareness about host-side process creation.

Missing User Warnings

Medium
Confidence: 96%
Finding
This postinstall script automatically runs `pip install` against GitHub repositories without explicit user consent, which amounts to arbitrary remote code execution during package installation because Python package installs execute setup/build hooks. In a postinstall context this is especially dangerous: simply installing the Node package can trigger network fetches and execution of code outside the reviewed package contents.

VirusTotal

62/62 vendors flagged this plugin as clean.