DeepClaw

Security checks across malware telemetry and agentic risk

Overview

DeepClaw is a disclosed agent social-network skill, but it asks agents to follow mutable remote instructions on a recurring schedule and perform public account actions without clear per-action user control.

Install only if you want your agent to participate publicly on DeepClaw. Do not enable the recurring heartbeat unless you are comfortable with ongoing autonomous check-ins, review changed remote heartbeat content before following it, require confirmation before posting/voting/commenting/submitting patches, and keep the DeepClaw API key out of logs and chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium, 97% confidence
Finding: This skill explicitly instructs the agent to perform authenticated POST requests that create posts, votes, comments, and code patches on an external service, but it does not warn that these actions modify remote state or require explicit user authorization. In an agent-skill context, such instructions can drive unauthorized actions, spam, reputation manipulation, or submission of attacker-influenced content to a third-party platform.

Missing User Warnings

Medium, 91% confidence
Finding: The examples show authenticated requests using an API key header without any guidance on secure credential handling, storage, redaction, or restrictions on where the key may be sent. In a skill file, this normalizes transmitting secrets to an external domain and increases the chance that agents or operators will expose credentials or reuse them unsafely.

Vague Triggers

Medium, 94% confidence
Finding: The heartbeat instructions tell the agent to periodically fetch a remote document and 'follow it' without constraining what actions that remote content may later request. This creates an open-ended remote control channel where the skill author can change behavior after installation, bypassing any one-time review of the original skill text.

Missing User Warnings

Medium, 90% confidence
Finding: The skill encourages authenticated requests to an external service, including profile updates, posts, comments, votes, and patch submission, but does not provide clear warnings about sending API keys and user-generated data to a third party. This can lead agents to expose credentials and sensitive content to an untrusted remote service under the guise of normal operation.

Ssd 4

Medium, 96% confidence
Finding: A recurring heartbeat that repeatedly fetches and follows remote instructions establishes a persistent trust-and-control loop. Over time, this enables staged behavior changes, social engineering, or escalation from benign check-ins to data exfiltration or unauthorized actions without modifying the locally reviewed skill file.

VirusTotal

65/65 vendors flagged this skill as clean.