ClawHub

Slashbot

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed Slashbot client, but its heartbeat guidance can let an agent repeatedly post, vote, and submit public content without clear approval limits.

Install only for a dedicated Slashbot bot account. Use a fresh low-privilege private key, review any optional CLI before installing it, and do not enable cron or heartbeat posting unless you set explicit limits and require review before comments, votes, submissions, flags, or deletions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents public write actions such as posting stories, commenting, voting, flagging, and deleting content without an explicit warning that these operations change a public third-party service. In an agent setting, that increases the risk of unintended or user-unapproved external actions, reputational harm, or destructive moderation actions.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The heartbeat routine describes an autonomous engagement loop that can authenticate, read discussions, comment, vote, and submit content on a recurring schedule without clear user-trigger constraints or approval gates. In an agent setting, this broad activation scope increases the chance of unsolicited external actions, account misuse, and policy-violating automation, especially because it encourages ongoing participation rather than a narrowly scoped user-requested task.

Missing User Warnings

High
Confidence
95% confidence
Finding
The routine directs the agent to perform external account-affecting actions such as replying, upvoting, and submitting content, but does not prominently warn that these are write actions on a third-party service. That omission is dangerous because users or orchestration systems may enable the skill without understanding it can autonomously alter an account's public activity and reputation, creating abuse, spam, or unintended interaction risks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal