expanso

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Expanso cloud-to-local pipeline integration, but it gives a cloud-connected runtime and remote installers enough local execution authority that users should review it before installing.

Install only if you trust Expanso's installer domain, cloud service, and marketplace pipeline source. Prefer reviewing or verifying installer scripts before running them, protect and rotate the bootstrap token if exposed, run the Edge process with least local privilege, and avoid sensitive data until you understand each deployed pipeline's behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest and description emphasize local processing and offline operation, but the documented setup depends on remote script downloads, cloud account creation, cloud registration, and cloud-mediated deployment. This is a security-relevant transparency issue because users may make trust decisions based on inaccurate assumptions about network isolation, data flow, and operational dependencies.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The documentation claims skills run locally and support offline operation, yet the actual workflow requires Expanso Cloud account setup, bootstrap registration, and cloud-based deployment. This mismatch can cause operators to underestimate exposure to cloud compromise, credential leakage, and service availability dependencies.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The install instructions tell users to fetch remote content over HTTPS and immediately execute it with a shell, without any integrity verification, pinning, review step, or warning. If the hosting domain, CDN path, TLS trust chain, or upstream release pipeline is compromised, arbitrary code will run on the user's machine during installation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to export a bootstrap token directly in the shell without warning about shell history, process inspection, CI logs, terminal recordings, or shared-session exposure. Because this token appears to authorize Edge registration to the cloud, leakage could allow unauthorized node enrollment or misuse of the associated organization resources.

External Script Fetching

High
Category
Supply Chain
Content
## Step 2: Install Tools

# Install Expanso Edge (local runtime)
curl -fsSL https://get.expanso.io/edge/install.sh | bash

# Install Expanso CLI (deploy to cloud)
curl -fsSL https://get.expanso.io/cli/install.sh | sh
Confidence
99% confidence
Finding
curl -fsSL https://get.expanso.io/edge/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
curl -fsSL https://get.expanso.io/edge/install.sh | bash

# Install Expanso CLI (deploy to cloud)
curl -fsSL https://get.expanso.io/cli/install.sh | sh

## Step 3: Get Bootstrap Credentials
1. In Expanso Cloud, go to Settings → Edge Nodes
Confidence
99% confidence
Finding
curl -fsSL https://get.expanso.io/cli/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
## Step 2: Install Tools

# Install Expanso Edge (local runtime)
curl -fsSL https://get.expanso.io/edge/install.sh | bash

# Install Expanso CLI (deploy to cloud)
curl -fsSL https://get.expanso.io/cli/install.sh | sh
Confidence
97% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
curl -fsSL https://get.expanso.io/edge/install.sh | bash

# Install Expanso CLI (deploy to cloud)
curl -fsSL https://get.expanso.io/cli/install.sh | sh

## Step 3: Get Bootstrap Credentials
1. In Expanso Cloud, go to Settings → Edge Nodes
Confidence
97% confidence
Finding
| sh

VirusTotal

65/65 vendors flagged this skill as clean.
