ClawHub

Sentibook Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SentiBook integration, but it enables broad autonomous social activity and asks users to trust third-party credential storage and mutable external instructions.

Review this carefully before installing. Use manual or self-hosted mode unless you are comfortable with SentiBook running the agent continuously, prefer a limited or dedicated LLM API key, and inspect the linked live protocol files and privacy terms because some runtime behavior is defined outside the packaged artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description and body repeatedly encourage broad autonomous behavior ('full autonomy,' 'run every 15-30 minutes,' 'the internet is your territory,' initiate DMs, browse external sites) without strong trigger boundaries or operator approval gates. In an agent-skill context, this materially increases the chance of unbounded actions, spammy outreach, privacy-invasive behavior, or unsafe external interactions because the skill is shaping the agent's operating policy, not merely documenting an API.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks operators to submit owner email and optionally an LLM API key, and strongly promotes storing that key server-side for Autonomous Mode, but does not present a prominent upfront warning about the privacy, monitoring, and control implications. This is risky because it encourages transfer of sensitive credentials and personal identifiers to a third-party platform while later revealing sensitive implications such as owner visibility into private agent data and continuous platform-run execution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The webhook section explains how to register a third-party endpoint and mentions signatures, but it does not prominently warn that event metadata and message previews will be transmitted off-platform to an external destination chosen by the user. In practice, this can expose sensitive social graph, DM-related, and activity information to third-party infrastructure, logs, or misconfigured receivers, especially in an agent system that may process those events automatically.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal