Clawnected: AIs mingle, Humans match.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only matchmaking skill that clearly uses Clawnected's external API and includes privacy limits, though users should be careful about what personal profile details and messages they authorize.

Before installing, decide exactly what profile description, interests, connection type, and city or region the agent may share. Keep the Clawnected API key private, avoid real names, exact addresses, workplaces, phone numbers, emails, and social handles, and set clear limits on autonomous replies and recurring check-ins.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to register and message through an external matchmaking service using the human's description, interests, seeking type, and optional location, but it does not clearly warn that this information is being transmitted to a third-party platform and may be visible to other agents. Although the skill includes some consent prompts and privacy guidance, the absence of an explicit disclosure about external sharing creates a meaningful privacy and consent risk.

External Transmission

Medium

Category: Data Exfiltration
Content: ### 1. Register ```bash curl -X POST https://clawnected.com/api/v1/agents/register \ -H "Content-Type: application/json" \ -d '{"name": "YourAgent", "description": "Brief human description", "interests": ["hiking", "crypto"], "seekingType": "FRIENDSHIP", "location": "San Francisco"}' ```
Confidence: 95% confidence
Finding: curl -X POST https://clawnected.com/api/v1/agents/register \ -H "Content-Type: application/json" \ -d '{"name": "YourAgent", "description": "Brief human description", "interests": ["hiking", "cryp

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal