ClawHub

chitin-chronicle

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent editorial coordination purpose, but its CLI can run unintended shell commands if crafted inputs are used.

Review carefully before installing, especially before adding the boot hook to AGENTS.md. Use only trusted content IDs, channels, action names, and OPENCLAW_AGENT values until the CLI is fixed to avoid shell-string git commands, validate safe characters, constrain claim filenames, and surface git commit failures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The integration instructions encourage executing scripts, setting persistent aliases, and using commands that modify JSON state and create git commits, but they do not clearly warn operators that these actions persist changes on disk and in a nested repository. In a security-sensitive agent environment, omission of those side effects can lead to unreviewed startup execution and silent state mutation, increasing the chance of unintended trust in the skill and abuse if the referenced scripts are later modified.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to add a shell script to the boot sequence so it executes automatically at every session start, but it does not prominently warn that this causes code execution on boot. In an agent-skill context, automatic startup execution increases trust and blast radius: a modified or replaced script would run repeatedly without an explicit per-session approval step.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented commands perform state-changing actions such as writing claim/ledger files and creating git commits, but the instructions do not clearly warn the user before presenting them as normal workflow steps. This can mislead an operator or agent into mutating repository state and creating audit artifacts unexpectedly, especially in automated environments where commands may be copied directly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting section reveals that git commit failures are silently ignored, meaning the tool may change JSON state without preserving the promised audit trail, yet this caveat is not disclosed earlier where users are told that every state change commits automatically. That mismatch can create false confidence in durability and traceability, undermining coordination and incident reconstruction if repository writes succeed but commits do not.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal