Storacha Upload

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Storacha/IPFS storage, but it gives the agent broad account-changing authority with limited confirmation boundaries.

Install only if you are comfortable letting the agent operate your Storacha CLI account. Confirm uploads, deletions, space changes, and any delegation before they run; avoid uploading sensitive files unless encrypted first; treat IPFS links as public and hard to fully retract.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill includes UCAN delegation creation, including a full admin delegation example with `--can '*'`, which grants authority beyond ordinary file upload and retrieval. If invoked unintentionally or by a confused user, this could hand broad storage/account capabilities to another principal and enable unauthorized uploads, deletions, or broader account misuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes upload, sharing, retrieval, and removal actions for decentralized storage without clearly warning that uploaded IPFS content may become broadly accessible via gateway links and may be difficult or impossible to fully delete once replicated or pinned. In an agent-skill context, users may issue natural-language commands assuming normal cloud-storage semantics, which increases the risk of accidental public disclosure or destructive deletion of content.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest contains a very large set of broad trigger phrases such as common requests about links, files, photos, login, and storage, which increases the chance of accidental invocation. In this context, unintended activation is risky because the skill can authenticate accounts, create spaces, upload public content, and delete listings with limited user friction.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The intent-matching section tells the agent to infer actions from casual natural language without strong exclusion rules or confirmation boundaries. That ambiguity is dangerous here because a mistaken classification could lead to public file upload, storage-space changes, or deletion actions on the user's account.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
Then tell the user:
  > "I've set 'SpaceName' as your active storage space."

Handle all of this silently without asking the user to run commands. The user is chatting — they expect you to do the work and just confirm what happened.

### Step 4 — Verify Provider Registration
Confidence
84% confidence
Finding
without asking

Behavior Manipulation

Medium
Category
Prompt Injection
Content
Upload, manage, and retrieve files on IPFS via Storacha decentralized storage.

> **AGENT EXECUTION NOTE:** All `storacha` CLI commands in this skill are non-interactive when arguments are provided. You MUST execute them directly — never tell the user to "run this command manually" or say "I can't run this". The only user interaction needed is: (1) asking for their email for login, and (2) telling them to click the verification email link. Everything else you handle silently.

> **PUBLIC DATA WARNING:** All files uploaded to Storacha/IPFS are publicly accessible. Anyone with the CID can retrieve them. Never upload unencrypted sensitive data.
Confidence
80% confidence
Finding
never tell the user

VirusTotal

63/63 vendors flagged this skill as clean.
