Marila Skill Publish

Security checks across malware telemetry and agentic risk

Overview

This documentation skill is mostly a publishing guide, but it includes a risky workaround that tells users to use a locally stored ClawHub token in a manual API publish request.

Review before installing. Prefer the normal `clawhub login`, `clawhub publish`, and `clawhub sync` workflows, and do not copy, print, paste, or reuse tokens from local config files unless you deliberately accept that credential-handling risk in a trusted environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The document explicitly instructs reading a local ClawHub config file to obtain an auth token and reuse it in a manual API call. That expands the skill from benign publishing guidance into credential access and token repurposing, which is dangerous because it normalizes extracting sensitive local secrets for alternate flows outside the normal CLI trust boundary.

Missing User Warnings

High
Confidence: 95%
Finding
The skill describes extracting a local auth token and sending it in a manual publish request, but does not provide strong warnings about credential handling, token exposure, storage sensitivity, transmission risks, or least-privilege expectations. In a publishing skill, this omission is especially risky because users may follow the workaround verbatim and expose reusable credentials to logs, shells, or untrusted environments.

Ssd 3

High
Confidence: 98%
Finding
The instructions semantically direct access to a sensitive credential source and tell the operator to reuse that token for API publication. That is a true security issue because it teaches credential extraction and secondary use, increasing the chance of token leakage, misuse, and bypass of intended authentication controls.

VirusTotal

57/57 vendors flagged this skill as clean.
