Actual AI CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but its diagnostic and sync guidance can expose sensitive auth/config details or make persistent agent-instruction changes with too little user warning.

Review before installing. Use dry runs first, inspect any CLAUDE.md/AGENTS.md/Cursor-rule diffs before writing, avoid `--force` except in trusted automation, and do not share diagnostic output unless you have verified it contains no auth, config, account, repository, or API-key details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The script promises it 'never prints secrets' but forwards raw `actual auth` output directly to stdout without sanitization. If `actual auth` includes tokens, usernames, endpoints, tenant IDs, or other sensitive account state, running this diagnostic can disclose secrets or sensitive metadata into terminals, logs, CI output, or support transcripts.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The config display logic only redacts a very narrow subset of API-key-like patterns (`sk-` and `key-`) and prints every other config line verbatim. Secrets stored under different field names or formats, bearer tokens, session cookies, private endpoints, usernames, org IDs, or embedded credentials in URLs could be exposed despite the script's claim that it never prints secrets.
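The two findings above are easier to judge with a concrete comparison. The block below is an added example, not code from the skill or from SkillSpector: it reimplements the narrow `sk-`/`key-` rule as the finding describes it, puts a broader rule set beside it, and runs both over a constructed, entirely made-up sample of auth/config output (the field names, token values and the `actual auth` output shape are assumptions, not observed output of the real CLI). Everything the narrow rule leaves verbatim but the broad rules mask is reported by field name only, so the report itself is safe to paste into a ticket.

```python
import re

REDACTED = "[REDACTED]"

# Constructed sample diagnostic output (invented for this example; it is NOT
# real `actual auth` or config output, and the field names are assumptions).
SAMPLE_OUTPUT = """\
apiKey: sk-abc123def456ghi789jkl012
auth_token = ghp_16C7e42F292c6912E7710c838347Ae178B4a
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.dGVzdHNpZ25hdHVyZQ
endpoint: https://deploy:hunter2@git.example.internal/org/repo.git
session_cookie=s%3AabcDEF123.XYZ
tenant_id: 9f1c2d3e-4b5a-6789-abcd-ef0123456789
user: alice@example.com
log_level: debug
"""

# Narrow rule set, modelled on the behaviour the finding describes:
# only values that start with `sk-` or `key-` are masked.
NARROW_RULES = [
    (re.compile(r"\b(?:sk|key)-[A-Za-z0-9]+"), REDACTED),
]

# Broader rule set. Each tuple is (pattern, replacement); `\g<1>` keeps the
# non-secret prefix (field name, "Bearer ", URL scheme) so output stays readable.
# These are heuristics for output you are about to share: over-masking is fine,
# under-masking is the failure mode the finding describes.
BROAD_RULES = [
    # vendor-style token prefixes followed by a long body (sk-, key-, ghp_, xoxb-, AKIA...)
    (re.compile(r"\b(?:(?:sk|key|ghp|gho|ghs|xox[abp])[-_]|AKIA)[A-Za-z0-9_-]{8,}"), REDACTED),
    # bearer tokens in headers
    (re.compile(r"(?i)(bearer\s+)[A-Za-z0-9._~+/=-]+"), r"\g<1>" + REDACTED),
    # JSON Web Tokens: three base64url segments, header segment starts with 'eyJ'
    (re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"), REDACTED),
    # user:password embedded in URLs
    (re.compile(r"(https?://)[^/\s:@]+:[^/\s@]+@"), r"\g<1>" + REDACTED + "@"),
    # any value assigned to a secret-looking or account-identifying field name
    (re.compile(r"(?i)((?:api[_-]?key|token|secret|password|passwd|cookie|session|"
                r"user(?:name)?|(?:tenant|org|account)[_-]?id)\w*\s*[:=]\s*)\S+"),
     r"\g<1>" + REDACTED),
]


def redact(text, rules):
    """Apply every (pattern, replacement) rule in order and return the masked text."""
    for pattern, replacement in rules:
        text = pattern.sub(replacement, text)
    return text


def fields_leaked_by_narrow_rules(text):
    """Field names of lines the broad rules change but the narrow rules leave verbatim."""
    leaked = []
    for line in text.splitlines():
        if redact(line, NARROW_RULES) == line and redact(line, BROAD_RULES) != line:
            leaked.append(re.split(r"[:=]", line, maxsplit=1)[0].strip())
    return leaked


if __name__ == "__main__":
    print("--- narrow redaction (sk-/key- prefixes only) ---")
    print(redact(SAMPLE_OUTPUT, NARROW_RULES))
    print("--- broad redaction ---")
    print(redact(SAMPLE_OUTPUT, BROAD_RULES))
    print("fields still exposed by the narrow rules:",
          fields_leaked_by_narrow_rules(SAMPLE_OUTPUT))
```

Run against the constructed sample, the narrow rule masks only the `apiKey` line; the GitHub-style token, the bearer JWT, the credentials embedded in the endpoint URL, the session cookie, the tenant ID and the username all pass through untouched. Piping real diagnostic output through a filter like `redact(..., BROAD_RULES)` before pasting it anywhere is the cheap mitigation; the robust one is for the script not to print auth state at all.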

Missing User Warnings

Severity: Low
Confidence: 91%
Finding
The documentation tells users to export API keys directly in the shell without any warning about shell history, shared terminals, process-environment leakage, or accidental paste into logs/screenshots. In a troubleshooting skill, this is not overtly malicious, but it does normalize insecure secret-handling practices that can lead to credential exposure.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The file recommends storing API keys in CLI config and mentions 0600 permissions, but it does not clearly warn that credentials remain sensitive and should be protected from backups, sync tools, screenshots, and accidental disclosure. In context this is operational documentation, yet the omission can still encourage unsafe credential management by less experienced users.
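The two warnings above (API keys exported inline in the shell, and config-file credentials that are only as safe as their file mode) are both checkable. The following is an added example and not part of the skill: it scans a constructed shell history for `export NAME=value` lines whose name looks like a secret, reporting only the variable name, and it checks a config file against the 0600 baseline the skill mentions. `ACTUAL_API_KEY`, the `config.json` path and the history contents are assumptions made for the example, not names documented by the CLI.

```python
import os
import re
import shutil
import stat
import tempfile

# Constructed shell history (invented for this example). ACTUAL_API_KEY is an
# assumed variable name, not one documented by the skill. The last line shows
# the safer bash pattern: the value is typed at a hidden prompt, never inline.
SAMPLE_HISTORY = """\
cd ~/project
export ACTUAL_API_KEY=sk-live-constructed-not-real
actual adr-bot --dry-run
export EDITOR=vim
read -rs ACTUAL_API_KEY && export ACTUAL_API_KEY
"""

# `export NAME=value` where NAME contains KEY/TOKEN/SECRET/PASSWORD.
SECRET_VAR = re.compile(r"^\s*export\s+([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)=\S+")


def history_exposures(history_text):
    """Names of secret-looking variables exported with an inline value.

    Only the variable name is returned, never the value, so this report can
    itself be shared. `read -rs VAR && export VAR` carries no inline value and
    is therefore not flagged.
    """
    matches = (SECRET_VAR.match(line) for line in history_text.splitlines())
    return [m.group(1) for m in matches if m]


def permission_problems(path):
    """Problems with a config file relative to the 0600 (owner-only) baseline."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"{path}: readable by group/others (mode {oct(mode)})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: writable by group/others (mode {oct(mode)})")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append(f"{path}: not owned by the current user")
    return problems


def demo():
    """Write a throwaway config file, check it at 0644 and again at 0600, scan the sample history."""
    workdir = tempfile.mkdtemp()
    try:
        cfg = os.path.join(workdir, "config.json")  # assumed path, not the CLI's real one
        with open(cfg, "w") as f:
            f.write('{"apiKey": "sk-constructed-not-real"}\n')
        os.chmod(cfg, 0o644)  # typical default umask result: world-readable
        before = permission_problems(cfg)
        os.chmod(cfg, 0o600)  # the baseline the skill recommends
        after = permission_problems(cfg)
    finally:
        shutil.rmtree(workdir)
    return {"before": before, "after": after, "history": history_exposures(SAMPLE_HISTORY)}


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The 0600 check covers only the live file; the finding's point about backups, sync tools and screenshots is that copies of the file inherit none of that protection, so the mode check is a floor, not a guarantee. For the history side, bash with `HISTCONTROL=ignorespace` drops commands typed with a leading space, and `read -rs` keeps the value out of both the history file and the process listing of the `export` command.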

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document explicitly states that repository analysis results and codebase context are sent to an external API and AI runner, but it does not pair that behavior with a clear privacy/data-sharing warning, consent checkpoint, or guidance about handling secrets and proprietary code. In this skill context, that omission is meaningful because users troubleshooting sync may follow these steps on real private repositories and may not realize code-derived data leaves their environment.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
Printing authentication output without warning increases the chance that operators paste or store diagnostic output containing account-identifying or security-relevant details. In a support or CI context, this can unintentionally leak authentication state, account IDs, or tokens to third parties even if the script itself is not overtly malicious.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content
# Preview with full content
actual adr-bot --dry-run --full

# Run sync, skip confirmation prompts
actual adr-bot --force

# Sync specific subdirectories only (monorepo)
Confidence: 82%
Finding
`--force` runs the sync while skipping confirmation prompts, so the persistent agent-instruction changes the sync makes proceed without a user checkpoint.

VirusTotal

66/66 vendors flagged this skill as clean.
