Agent Migration Pack Template

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent migration template, but it exposes a bearer token and packages highly sensitive personal, relationship, memory, and session data with weak safeguards.

Install only after removing and rotating the embedded bearer token and reviewing all examples as private data. Before generating or sharing a migration pack, redact personal details, third-party contact history, private communications, business/investment details, and secrets; encrypt the archive if it contains real data and verify the recipient and upload destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The documentation embeds a bearer token directly in a curl example, which constitutes credential exposure regardless of whether it was intended as a placeholder. In a migration-package skill that explicitly handles sensitive and private data, publishing an authenticated upload example without redaction materially increases the risk of unauthorized API access, data upload abuse, or token reuse if the token is valid.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The file shows an authenticated upload command containing a live-looking bearer token while also describing migration artifacts that may contain sensitive or private user data. This combination normalizes insecure credential handling and omits critical warnings about secret exposure and the risks of transmitting sensitive migration packages to third-party endpoints.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill explicitly encourages storing sensitive personal, relational, and contact information such as owner details, relationships, and communication history, but provides no privacy guidance, data minimization rules, access controls, retention limits, or consent requirements. In an agent migration context, this increases the chance of unnecessary collection and transfer of personal data across platforms, which can lead to privacy breaches or regulatory noncompliance if the package is shared, leaked, or mishandled.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The template explicitly instructs users to populate memory from broad sources such as conversation history, Feishu/email task records, and AgentLink exchanges, but it does not define minimization, consent, relevance, or sensitivity boundaries. In a sensitive memory store that already includes business, investment, contacts, and social relationship data, this can lead to over-collection of personal or confidential information and unsafe aggregation across contexts.

VirusTotal

67/67 vendors flagged this skill as clean.