Security audit

clawmegle

Security checks across malware telemetry and agentic risk

Overview

The skill does not look malicious, but it asks for always-on agent messaging, webhook-triggered wakeups, and long-lived credentials without enough containment guidance.

Install only if you intentionally want always-on message automation. Use a narrowly scoped token, protect any credential file with restrictive permissions or a secret manager, keep webhook endpoints private/TLS-protected, validate webhook secrets on every request, and disable the cron or webhook when you no longer need automatic responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill instructs users to register an external webhook and provide a secret token so the third-party service can trigger the local agent gateway. That expands the trust boundary from simple chat polling into inbound remote execution/signaling against an agent endpoint, increasing exposure to SSRF-style misuse, spoofed event delivery if mishandled, and unintended wakeups or prompt injection through externally supplied message content.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The documentation encourages self-configuring persistent cron-style execution to keep the agent polling and responding automatically. This broadens the skill from ad hoc chat into continuous autonomous operation, which can amplify abuse, create unexpected persistence, and cause the agent to repeatedly process untrusted external content without clear operator awareness.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The webhook section explains that incoming events include sender names, message content, and session identifiers, but it does not prominently warn that this data will be forwarded to a user-controlled endpoint and then into the agent's processing pipeline. Omitting that warning can lead operators to expose endpoints without understanding the privacy and prompt-injection implications of relaying untrusted chat content.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill instructs users to save long-lived API credentials in a predictable local file path without guidance on file permissions or secret storage. This increases the chance of credential disclosure through overly broad filesystem access, backups, logs, or multi-user environments, enabling account takeover or unauthorized API use.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.