ClawHub

Indigo IPFS

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and instruction-only, but it encourages storing plain-text and wallet-linked financial snapshots on IPFS without clear public and hard-to-delete data warnings.

Review before installing. Use it only for content you are comfortable making durable and potentially public. Do not store secrets, private keys, personal data, wallet-linked balances, or sensitive business/financial records on IPFS unless you have redacted or encrypted them first and understand they may not be reliably removable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes an operation to store arbitrary text on IPFS but does not warn users that IPFS content may be publicly retrievable, persist across gateways and pinning services, and be effectively irreversible once shared. This can lead users to upload secrets, personal data, or regulated information under the false assumption that it behaves like private application storage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool documentation explains that content is stored on IPFS and that the CID is immutable, but it does not clearly warn users that any submitted text may become permanently retrievable and effectively public once shared or pinned. In a skill that accepts arbitrary text input, this omission can lead users or downstream agents to upload secrets, personal data, or other sensitive material under the mistaken assumption that it can later be deleted or access-controlled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to upload arbitrary text to IPFS without warning that stored content may become publicly accessible, replicated, and effectively permanent. This creates a real privacy and data-handling risk because users may submit confidential governance drafts, personal notes, or operational data under the false assumption that it is private storage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The CDP snapshot example explicitly encourages storing account-linked financial position data on IPFS, including owner address and portfolio details, without any privacy warning or minimization guidance. In the Indigo/DeFi context this is more dangerous because wallet-linked collateral and debt data can expose user holdings, trading posture, and identity correlations to public observers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal