AgentIndex

Security checks across malware telemetry and agentic risk

Overview

AgentIndex is a disclosed external-service skill for agent memory, messaging, identity, and trust checks, with privacy-sensitive but purpose-aligned behavior.

Install only if you want your agent to use AgentIndex as an external service for memory, mail, identity, and trust checks. Protect AGENTINDEX_API_KEY and the local vault encryption key, and set clear rules for what the agent may store or send. Do not put secrets, credentials, regulated data, or sensitive conversation content into AgentMail or AgentVault unless you explicitly accept that remote-service use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding
The AgentVault usage guidance is broad enough that an orchestration layer could invoke the skill for many routine memory or preference-storage scenarios without a clear user-consent or data-sensitivity boundary. Because this skill sends data to a third-party remote service, overly generic invocation criteria can cause unintended exfiltration of conversation summaries, preferences, or other sensitive material even if the skill claims client-side encryption.

Vague Triggers

Medium
Confidence: 89%
Finding
The AgentMail guidance is similarly broad and overlaps with normal communication tasks, which could cause an agent to route messages to the external AgentIndex service by default rather than using local or first-party channels. This creates a privacy and data-handling risk because message bodies and subjects are transmitted to a third-party service without strong constraints on when that is appropriate.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill promotes a private messaging feature that sends message subject and body to a remote service, but it does not present an explicit user-facing warning that message contents leave the local environment and are not described as end-to-end encrypted. Referring to the feature as 'private' may further reduce operator caution and increase the chance that sensitive information is transmitted under misleading assumptions about confidentiality.

VirusTotal

64/64 vendors flagged this skill as clean.
