Verified Agent Identity 2

Security checks across malware telemetry and agentic risk

Overview

This identity skill is purpose-related, but it asks agents to handle and transmit sensitive identity proofs without enough consent and scoping safeguards.

Review before installing. Use only a dedicated identity, do not paste real private keys into command-line examples, require the missing scripts and dependency files to be available for review, and confirm exactly what DID, challenge, token, or verification URL will be sent and to whom before any signing or messaging action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill’s trigger conditions are broad enough that an agent may invoke identity-linking and signing workflows for ordinary identity-related requests without clearly establishing user intent, trust boundaries, or whether external messaging/signing should occur. In an identity-management skill, ambiguous activation is risky because these actions can create durable identities, sign challenges, and transmit proof material to third parties.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation instructs the agent to send signed identity proofs and verification responses via direct message, but it does not require a clear user-facing warning that data will be transmitted externally and may reveal linkable identity information. In this context, missing privacy notice and consent increases the chance of unintended disclosure of DIDs, signed challenges, verification URLs, or ownership assertions to another party.

VirusTotal

63/63 vendors flagged this skill as clean.
