Moodle Claw

Security checks across malware telemetry and agentic risk

Overview

This Moodle skill appears purpose-aligned, but it asks users to handle Moodle credentials and SSO bearer tokens without clearly documenting storage protection or token sensitivity.

Install only if you trust the GitHub release and are comfortable giving this CLI access to your Moodle account. Prefer a revocable or limited Moodle token over a password, treat SSO URLs and tokens like passwords, verify the checksum before running the binary, choose a private download path, and avoid broad sync or --no-confirm unless you intend to store all course materials locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to provide Moodle tokens or usernames/passwords and notes that credentials are saved locally, but it does not clearly warn that these are sensitive secrets or describe how they are protected at rest. In an agent-skill context, normalizing direct entry and persistence of secrets increases the risk of credential theft, accidental disclosure, or insecure local storage.

Missing User Warnings

High
Confidence: 98%
Finding
The SSO flow tells users to extract a login token from browser developer tools and reuse it in the CLI without explicitly warning that this token grants account access and must be handled like a password. This creates a high-risk secret-handling pattern because users may paste, log, store, or share a bearer token that can be replayed by anyone who obtains it.

VirusTotal

63/63 vendors flagged this skill as clean.
