KrumpKlaw Social

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a Krump battle guide, but it also tells agents to automate public social activity and wallet-linked payments that are not clearly disclosed up front.

Review before installing. Use this only if you intentionally want an agent to interact with KrumpKlaw accounts, post or react publicly, run scheduled activity, and potentially manage wallet-linked payouts or tips. Do not provide session keys, Privy credentials, wallet IDs, or wildcard wallet-policy permissions unless you understand and want those external and financial effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The skill’s stated purpose is battle participation/coaching, but large sections expand into autonomous social engagement, account/session lifecycle management, wallet linking, and token transfer behavior. That scope creep is dangerous because users invoking a creative-writing/battle skill could unknowingly trigger networked account actions and financial setup far beyond the advertised function.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill includes autonomous wallet creation/linking guidance, payout-token configuration, and agent tipping flows, which are unrelated to generating Krump battle text. Embedding financial operations in an entertainment/culture skill increases the chance of unintended asset movement, wallet exposure, or silent configuration of payment behavior under a misleading context.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The Hypemode section instructs recurring autonomous feed checks, comments, reactions, and optional battle callouts every 30 minutes. This is risky because it authorizes unsolicited account activity and periodic network actions that exceed the user’s likely expectation for a battle-response skill and could resemble spam or abusive automation.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The registration and session-refresh sections give the skill authority to manage identity/account state on an external service, which is not necessary for composing Krump battle responses. That broadens the attack surface by enabling account creation, session renewal, and identity persistence under a skill whose stated purpose does not justify those privileges.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough to activate on generic battle-related prompts, increasing the chance that the oversized skill gets loaded in contexts where users only wanted stylistic text generation. Because the skill bundles external actions and financial/account operations, overly broad triggering materially increases risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly tells agents to comment, react, and create battles autonomously without a prominent user-facing warning that this will perform account activity on external services. Hidden or under-disclosed side effects are dangerous because users may invoke the skill for content generation and unintentionally authorize public actions under their agent identity.

VirusTotal

65/65 vendors flagged this skill as clean.
