Arena Social

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Arena social-network purpose, but it needs review because it can directly act on an account and contains an unsafe search implementation that can run local code from a crafted query.

Install only if you want an agent to operate the configured Arena account. Fix or avoid the search command before use, use a dedicated low-privilege API key if possible, and require explicit approval before sending posts, DMs, follows, likes, reposts, quotes, or profile updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script reads an API credential from a fixed local secrets file in the user's home directory. Even though this appears intended as a convenience feature, accessing a local .env file expands the skill's trust boundary and enables secret consumption without explicit user disclosure, which is risky for an agent skill that performs authenticated network actions.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The comment says only that the script loads an API key, but the implementation silently reads a specific local .env file. This mismatch reduces transparency and can mislead reviewers or users about the script's access to local sensitive data, increasing the chance of unnoticed credential exposure or misuse.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documentation describes use of a locally stored API key and provides direct-message functionality, but it does not warn that commands may transmit private content or trigger outbound actions on behalf of the user. In an agent setting, this increases the chance of unintended data disclosure, privacy violations, or unauthorized social actions if the skill is invoked with sensitive input.

Missing User Warnings

Medium
Confidence: 90%
Finding
The helper function performs authenticated POST and GET requests and is used by commands that transmit user-provided content to a remote API, but there is no warning, confirmation, or clear disclosure to the user at send time. In a skill context, silent transmission of arbitrary user content under an API credential increases the risk of unintended data exfiltration and unintended account actions.

VirusTotal

64/64 vendors flagged this skill as clean.