Security audit

Clawhub Publish Howto

Security checks across malware telemetry and agentic risk

Overview

This is a publishing how-to, not executable code, but it includes an unsafe example for storing a GitHub token permanently.

Installers should treat this as a normal ClawHub publishing guide, but avoid the permanent ~/.bashrc token example. Prefer a temporary environment variable, OS credential manager, CI secret store, or narrowly scoped token, and rotate the token if it was stored in plaintext or shared accidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs users to persist a GitHub personal access token in ~/.bashrc, which increases the chance of long-term credential exposure through shell history, dotfile backups, screenshots, shared accounts, or accidental publication of shell config. This is not malware, but it is an unsafe secret-handling practice because no warning or safer alternative is provided.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.