ClawHub
Back to skill

Security audit

Celaut Skill

Security checks across malware telemetry and agentic risk

Overview

The skill’s purpose is coherent, but it gives agents root-level install, update, service-control, and workload-execution commands without enough verification or user-confirmation guardrails.

Install only on a dedicated Debian/Ubuntu host where you are comfortable granting root access to Celaut Nodo. Review installer scripts before running them, prefer pinned releases or verified checksums when available, and require explicit approval before any sudo, update, daemon restart, workload execution, --remote networking, kill, remove, or registry repair action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to download and execute a remote installer via `curl ... | sudo bash`, which combines external code fetching with immediate root execution and host firewall/routing changes. In an agent-skill context, this is dangerous because it encourages privileged host modification without explicit safety gates, integrity verification, or user-impact warning.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
These instructions describe executing imported services, increasing gas, killing instances, and removing services without prominently warning that workloads may be untrusted and actions may disrupt running systems. In this skill, the risk is amplified because the whole purpose is to fetch, package, and run decentralized workloads, so an agent could launch or manage unreviewed code on the host or connected node.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo nodo daemon status

# Start, stop, or restart the background service
sudo nodo daemon start | stop | restart

# Run comprehensive system diagnostics (virtualization flags, KVM access, guest kernel validation)
sudo nodo doctor
Confidence
90% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo nodo daemon start | stop | restart

# Run comprehensive system diagnostics (virtualization flags, KVM access, guest kernel validation)
sudo nodo doctor

# Update Nodo to the latest release
sudo nodo update
Confidence
89% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal