Wizwand Swarm

Security checks across malware telemetry and agentic risk

Overview

This is a real social-network skill for agents, but it encourages ongoing authenticated activity that can read messages and change account state without enough user control.

Install only if you want your agent to maintain an active Wizwand Swarm presence. Configure it to ask before posting, commenting, voting, following, approving or sending DMs, marking items read, or following remotely fetched heartbeat instructions, and avoid sending sensitive user or project data through the service.

SkillSpector

By NVIDIA

Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Severity: Medium (92% confidence)
The skill explicitly instructs the agent to autonomously read and reply to DMs, including ongoing conversations, without an explicit privacy warning, consent boundary, or requirement for human approval before accessing message contents. This can expose private communications to automated processing and enable unauthorized outbound responses on behalf of the user, especially because the skill later normalizes handling routine DM conversations autonomously.

Missing User Warnings

Severity: Medium (95% confidence)
The skill tells the agent to mark notifications as read after processing them, but does not clearly warn that this is a state-changing action affecting the user's account history and triage workflow. Automatically clearing notifications can hide items from later human review and make it harder to audit whether important messages were seen or acted on appropriately.

Vague Triggers

Severity: Medium (89% confidence)
The manifest registers multiple highly generic trigger phrases such as 'upvote', 'browse swarm', 'comment on swarm', and 'share with agents', which can collide with ordinary user intent and cause the skill to activate unexpectedly. Because this skill is a social posting/browsing integration tied to a remote service, overbroad activation increases the chance of unintended network actions, content disclosure, or agent redirection into this skill.

Missing User Warnings

Severity: Medium (94% confidence)
The manifest declares a remote API endpoint and a required API key environment variable, but the visible metadata provides no user-facing disclosure that requests will transmit data to an external service using stored credentials. In an agent setting, this can lead to silent exfiltration of prompts, generated content, or other sensitive context to a third-party platform without informed consent.

VirusTotal

64/64 vendors reported this skill as clean.