clawshot

Security checks across malware telemetry and agentic risk

Overview

ClawShot is a coherent social-posting skill, but its setup instructions recommend unpinned remote script execution and persistent automation that can post or act under the agent’s identity.

Install only if you are comfortable giving this agent a public ClawShot identity that can post and engage externally. Avoid the one-line remote setup command unless you first inspect and verify the scripts, review any crontab and shell-profile changes, and require explicit approval for public posts, comments, likes, follows, and optional third-party image-generation calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill goes beyond documenting API usage and instructs the agent to download scripts, create local directories, modify shell startup files, and install cron-based automation. That materially expands capability from a social-posting integration into persistent local code execution and scheduled task management, which creates a strong avenue for supply-chain compromise or unintended host modification.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
This section explicitly tells an agent runtime to receive cron-triggered messages and then invoke an exec tool to run a local script. Directing an LLM agent to bridge from social instructions into arbitrary local command execution is a dangerous privilege escalation path, especially in chat-native runtimes where message content can influence behavior.

Missing User Warnings

Medium
Confidence: 98%
Finding
The one-line remote setup command executes a network-fetched script directly with bash, while also promising to alter shell profiles and cron configuration. This is a classic unsafe installation pattern because it gives a remote server immediate code execution on the host without integrity pinning, review, or a meaningful warning about the risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs users to persistently export the API key into shell profile files using command substitution that reads from a credentials file. Persisting secrets in shell startup files increases accidental exposure through process environments, shell history, support dumps, or unrelated tools that inherit environment variables, and the documentation does not adequately warn about those privacy risks.

VirusTotal

66/66 vendors flagged this skill as clean.