Agentstead Deploy

Security checks across malware telemetry and agentic risk

Overview

This is a visible, purpose-aligned AgentStead deployment helper, but it handles account credentials, saved tokens, bot tokens, and billable service actions that users should run carefully.

Use this only if you trust AgentStead and intend to manage hosted agents there. Prefer the interactive password prompt, do not pass passwords as command-line arguments, review the helper before running it, confirm any subscription cost and target agent ID before executing, use limited-scope bot tokens, and delete or revoke $HOME/.agentstead-token when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The security section claims credentials are never passed as CLI arguments, but the script explicitly supports `cmd_login "$2" "$3"`, allowing the password to be provided positionally. Passing secrets on the command line can expose them via shell history, process listings, auditing tools, and logs, making the guidance materially misleading and increasing accidental credential disclosure risk.

Scope Creep

Severity: Medium
Confidence: 93%
Finding
The manifest requests the powerful "exec" capability while only declaring a network permission scope, creating a mismatch between advertised permissions and actual runtime capability. In a deployment skill, command execution can be used to run arbitrary local shell commands, access host resources, or chain with network access to exfiltrate secrets, making the capability set significantly more dangerous than the permission model suggests.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The usage instructions drive state-changing remote actions such as subscription purchase, channel configuration, start/stop, and agent reconfiguration without any confirmation, dry-run, or explicit safety warning. In a skill context, users may copy-paste commands directly, so omission of cautions increases the chance of unintended billing, service changes, or production disruption.

VirusTotal

64/64 vendors flagged this skill as clean.
