
Security audit

ClawSwarm

Security checks across malware telemetry and agentic risk

Overview

ClawSwarm does what it advertises: it runs user-configured LLM prediction agents and aggregates their outputs, with no evidence of hidden persistence, destructive behavior, or unrelated data access.

Install only if you are comfortable sending the configured target name, price, context, role prompts, and your API key (sent as the Authorization header) to the selected provider. Prefer api_key_env over putting secrets in config files; review any base_url override, since it replaces the provider default and receives the same payload and key; avoid regulated or proprietary context unless the provider is approved; and start with --dry-run or a small agent count to control cost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation advertises capabilities that require access to environment variables, local files, shell execution, and outbound network access, but it does not declare permissions or boundaries for those operations. Agents or users may therefore run the skill without understanding its privilege requirements, which increases the risk of unintended secret exposure, unsafe command execution, or broader filesystem and network access than expected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports sending target context and prediction inputs to external LLM providers, but the README does not clearly warn that user-supplied data will leave the local environment. In a forecasting workflow, that context could include proprietary trading signals, financial data, or sensitive internal notes, so silent transmission to third-party providers creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code sends target metadata and free-form context directly to externally configured LLM providers, but the runner itself provides no explicit consent gate, redaction step, or user-facing warning before transmission. In an agent skill context, target context may contain proprietary market data, customer information, or secrets pasted by users, so silent exfiltration to third-party APIs is a real privacy and data-governance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
    try:
        if HAS_REQUESTS:
            r = requests.post(url, json=payload, headers=headers, timeout=30)
            r.raise_for_status()
            data = r.json()
        else:
Confidence
95% confidence
Finding
Outbound HTTP POST of the prediction payload (target metadata, free-form context, role prompt) to the resolved provider URL, matched on requests.post(url, json=. The headers passed here carry the API key authorization, so whatever host url resolves to receives both the data and the credential.

External Transmission

Medium
Category
Data Exfiltration
Content
    max_tokens = api_config.get('max_tokens', 150)

    base_urls = {
        'groq': 'https://api.groq.com/openai/v1/chat/completions',
        'openai': 'https://api.openai.com/v1/chat/completions',
        'ollama': 'http://localhost:11434/v1/chat/completions',
    }
Confidence
91% confidence
Finding
Hard-coded remote endpoint https://api.groq.com/ (Groq chat completions). Only the ollama entry stays on localhost; the groq and openai entries send the full prediction payload off-host.

External Transmission

Medium
Category
Data Exfiltration
Content
    base_urls = {
        'groq': 'https://api.groq.com/openai/v1/chat/completions',
        'openai': 'https://api.openai.com/v1/chat/completions',
        'ollama': 'http://localhost:11434/v1/chat/completions',
    }
    url = api_config.get('base_url') or base_urls.get(provider, base_urls['groq'])
Confidence
91% confidence
Finding
Hard-coded remote endpoint https://api.openai.com/. Note also that base_url from api_config takes precedence over every provider default and that an unknown provider silently falls back to groq, so a modified or untrusted config can redirect the same payload and Authorization header to any host without the user noticing.
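The three External Transmission findings and the overview's install advice point at the same send path: base_url override, API key from config, and free-form context leaving the host with no consent gate or redaction. The block below is an added example of what a hardened version of that path looks like; it is not ClawSwarm's code. It keeps the runner's URL precedence and the endpoint table from the audited snippet, and everything else is this example's own assumption: the ALLOWED_HOSTS table (one host per provider), the LOCAL_HOSTS set, the credential-shaped regexes in SECRET_PATTERNS, the api_key_env handling, the consent flag, and the OpenAI-style chat-completions payload with an assumed default model name.

```python
import os
import re
from urllib.parse import urlparse

# Provider endpoints as they appear in the audited snippet.
BASE_URLS = {
    'groq': 'https://api.groq.com/openai/v1/chat/completions',
    'openai': 'https://api.openai.com/v1/chat/completions',
    'ollama': 'http://localhost:11434/v1/chat/completions',
}

# Assumption: each provider may only be reached at these hosts. A base_url
# resolving anywhere else is treated as a misconfiguration or a hijack attempt.
ALLOWED_HOSTS = {
    'groq': {'api.groq.com'},
    'openai': {'api.openai.com'},
    'ollama': {'localhost', '127.0.0.1'},
}
LOCAL_HOSTS = {'localhost', '127.0.0.1'}

# Hypothetical redaction rules for credentials pasted into free-form context.
SECRET_PATTERNS = [
    (re.compile(r'sk-[A-Za-z0-9_-]{16,}'), '[REDACTED_API_KEY]'),
    (re.compile(r'gsk_[A-Za-z0-9]{16,}'), '[REDACTED_API_KEY]'),
    (re.compile(r'(?i)bearer\s+[A-Za-z0-9._-]{16,}'), 'Bearer [REDACTED_TOKEN]'),
    (re.compile(r'-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----',
                re.S), '[REDACTED_PRIVATE_KEY]'),
]


class ConfigError(ValueError):
    """Raised when api_config would send data somewhere it should not go."""


def resolve_url(api_config, provider):
    """Same precedence as the runner (base_url override, then provider default),
    but the host must belong to the provider and remote calls must use TLS."""
    url = api_config.get('base_url') or BASE_URLS.get(provider, BASE_URLS['groq'])
    parsed = urlparse(url)
    host = parsed.hostname          # urlparse strips userinfo, so a@b tricks fail
    if host not in ALLOWED_HOSTS.get(provider, set()):
        raise ConfigError(f'base_url host {host!r} is not allowed for provider {provider!r}')
    if host not in LOCAL_HOSTS and parsed.scheme != 'https':
        raise ConfigError(f'refusing plaintext remote endpoint {url}')
    return url


def load_api_key(api_config, env=None):
    """Read the key named by api_key_env; refuse an inline api_key in the config."""
    env = os.environ if env is None else env
    if 'api_key' in api_config:
        raise ConfigError('inline api_key found in config; use api_key_env instead')
    var = api_config.get('api_key_env')
    if not var:
        return None                 # e.g. a local ollama endpoint needs no key
    key = env.get(var)
    if not key:
        raise ConfigError(f'environment variable {var} is not set')
    return key


def redact(text):
    """Replace credential-shaped substrings; returns (cleaned text, number of hits)."""
    hits = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        hits += n
    return text, hits


def build_request(api_config, provider, target, role_prompt, context, consent=False, env=None):
    """Assemble the outbound chat-completions call, gated on explicit consent
    whenever the endpoint is remote. The payload shape is an assumption."""
    url = resolve_url(api_config, provider)
    if urlparse(url).hostname not in LOCAL_HOSTS and not consent:
        raise PermissionError(
            f"target {target['name']!r}, its price and context would be sent to {url}; "
            'rerun with consent=True to acknowledge this')
    clean_context, hits = redact(context)
    key = load_api_key(api_config, env)
    headers = {'Content-Type': 'application/json'}
    if key:
        headers['Authorization'] = f'Bearer {key}'
    user_msg = f"Target: {target['name']}\nPrice: {target['price']}\nContext: {clean_context}"
    payload = {
        'model': api_config.get('model', 'example-model'),   # assumed default name
        'messages': [{'role': 'system', 'content': role_prompt},
                     {'role': 'user', 'content': user_msg}],
        'max_tokens': api_config.get('max_tokens', 150),
    }
    return url, headers, payload, hits


if __name__ == '__main__':
    # Constructed sample: a forecasting note with a key accidentally pasted into it.
    cfg = {'api_key_env': 'GROQ_API_KEY', 'max_tokens': 64}
    target = {'name': 'ACME', 'price': 101.5}
    note = 'desk view: bullish into earnings; token sk-abcdefghijklmnopqrstuv was in the ticket'
    url, headers, payload, hits = build_request(
        cfg, 'groq', target, 'You forecast prices.', note, consent=True,
        env={'GROQ_API_KEY': 'gsk_examplekeyexamplekey'})
    print(url, hits, payload['messages'][1]['content'], sep='\n')
```

The host check uses the parsed hostname rather than a string prefix, so base_url values such as https://api.groq.com@evil.example/ or https://api.groq.com.evil.example/ are rejected. The consent gate is skipped only for LOCAL_HOSTS, which matches the one case in the audited table (ollama) where data does not leave the machine.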

VirusTotal

42/42 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.