Claw4Claw Skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Claw4Claw CLI guide, but it covers high-impact wallet, hiring, token, webhook, and message-logging workflows, and some of its examples are not safely scoped.

Review before installing or following the examples. Verify the CLI source, protect API tokens, do not commit .env files, and require explicit human approval before any task payment, fund freeze, hiring, firing, or batch action. Treat all attachments and incoming messages as untrusted input that may also carry sensitive data. Avoid full-message logs or webhook forwarding unless the receiver is trusted, authenticated, and access-controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 96%
Finding
The skill description contains very broad triggers such as generic 'CLI commands', 'install c4c', 'download cli', and 'setup c4c', which can cause the skill to activate for loosely related requests. Over-broad activation increases the chance that users are steered into executing sensitive installation, configuration, or token-handling steps outside the intended Claw4Claw context.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide instructs users to retrieve and inspect worker-submitted content and external attachment URLs, but it does not warn that these fields are untrusted and may contain malicious links or payloads. In an agent/CLI workflow, users may follow links, fetch remote files, or pipe output into other tools, increasing the risk of phishing, malware delivery, or unsafe handling of attacker-controlled data.
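The check this finding asks for, as an added example (not code from the Claw4Claw CLI or its guide): worker-submitted attachment URLs are vetted but never fetched, and the output is a review list for a human rather than something piped into another tool. The allowlisted host, the sample submission and the task field names are constructed assumptions.

```python
"""Vet worker-submitted attachment URLs before anything is fetched.

Added example for this review, not code from the Claw4Claw CLI or its
guide. The allowlisted host and the sample submission are constructed.
"""
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

# Assumption: the operator has decided which hosts attachments may come from.
ALLOWED_HOSTS = {"attachments.example-claw4claw.test"}  # constructed placeholder
MAX_URL_LEN = 2048


def vet_attachment_url(url: object) -> Tuple[bool, str]:
    """Decide whether a fetch would be permissible. Never fetches anything."""
    if not isinstance(url, str) or not url or len(url) > MAX_URL_LEN:
        return False, "missing or oversized URL"
    # Control characters and whitespace can break shells, loggers and log viewers.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False, "control characters in URL"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL (credential-in-URL / phishing pattern)"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host"
    try:
        ip = ipaddress.ip_address(host)  # literal IP, including bracketed IPv6
    except ValueError:
        ip = None
    if ip is not None:
        # Literal IPs bypass the name allowlist; loopback/private ones are SSRF bait.
        return False, f"literal IP {ip} not allowed"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, "non-standard port"
    return True, "ok"


def triage_submission(submission: dict) -> dict:
    """Split a worker submission into items a human may fetch and items to block.

    Nothing here follows a link or pipes content anywhere; the result is a
    review list for the operator.
    """
    accepted, blocked = [], []
    for url in submission.get("attachments", []):
        ok, reason = vet_attachment_url(url)
        (accepted if ok else blocked).append({"url": url, "reason": reason})
    return {
        "task_id": submission.get("task_id"),
        # The body text is untrusted too: surface only its length, not its content.
        "body_chars": len(str(submission.get("body", ""))),
        "fetchable_after_review": accepted,
        "blocked": blocked,
    }


# Constructed sample, not a real Claw4Claw message.
SAMPLE_SUBMISSION = {
    "task_id": "t-1",
    "body": "Done. Files attached; see also the link in my note.",
    "attachments": [
        "https://attachments.example-claw4claw.test/files/report.pdf",
        "http://attachments.example-claw4claw.test/files/report.pdf",
        "https://user:pw@attachments.example-claw4claw.test/x",
        "https://127.0.0.1:8080/admin",
        "https://[::1]/x",
        "https://updates.example-evil.test/install.sh",
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(triage_submission(SAMPLE_SUBMISSION), indent=2))
```

Only the first sample URL survives; everything else is blocked with a reason the operator can read. Even the accepted URL is labelled "fetchable after review", because an allowlisted host can still serve a malicious file.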

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation explicitly recommends forwarding platform messages, including full message content and metadata, to a local HTTP webhook and storing the webhook URL in config without any privacy, authentication, or transport-safety guidance. This can expose sensitive employer/agent communications to unintended local services, insecure localhost listeners, or downstream logging/retention mechanisms, especially when users copy the example as-is.
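What the missing authentication and transport guidance looks like in code, as an added example that is not part of the guide or the Claw4Claw CLI: the webhook URL is checked so plaintext HTTP is only ever confined to a literal loopback address, each forwarded body is bound to a timestamp with an HMAC, and the receiver is bound to 127.0.0.1 and logs metadata rather than message content. The header name, signature format, environment variable and sample payload are assumptions; the CLI may not support signing at all, in which case the receiver side still applies to whatever the operator puts behind the URL.

```python
"""Authenticate and confine webhook forwarding of platform messages.

Added example for this review, not code from the Claw4Claw CLI or its
guide. Header name, signature format, env var and sample payload are
constructed assumptions.
"""
import hashlib
import hmac
import ipaddress
import json
import os
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple
from urllib.parse import urlsplit

SIG_HEADER = "X-Forward-Signature"   # assumed header name
MAX_SKEW_S = 300                     # reject replays older than five minutes


def check_webhook_url(url: str) -> Tuple[bool, str]:
    """Allow TLS anywhere, or plaintext only to a literal loopback address."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme == "https":
        return True, "ok (TLS)"
    if parts.scheme == "http":
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True, "ok (plaintext confined to loopback)"
        except ValueError:
            pass  # not a literal IP; names such as 'localhost' can be redirected via hosts files
        return False, "plaintext http to a non-loopback destination"
    return False, f"scheme {parts.scheme!r} not allowed"


def sign_body(secret: bytes, body: bytes, ts: Optional[int] = None) -> str:
    """Sender side: bind the body to a timestamp with HMAC-SHA256."""
    ts = int(time.time()) if ts is None else ts
    mac = hmac.new(secret, b"%d." % ts + body, hashlib.sha256).hexdigest()
    return f"t={ts},v1={mac}"


def verify_body(secret: bytes, body: bytes, header: str, now: Optional[int] = None) -> bool:
    """Receiver side: constant-time comparison plus a freshness window."""
    now = int(time.time()) if now is None else now
    fields = dict(kv.split("=", 1) for kv in header.split(",") if "=" in kv)
    try:
        ts, sig = int(fields["t"]), fields["v1"]
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_S:
        return False
    expected = hmac.new(secret, b"%d." % ts + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


class ForwardReceiver(BaseHTTPRequestHandler):
    secret = b""  # set by serve() before requests arrive

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0") or 0)
        body = self.rfile.read(min(length, 1 << 20))  # cap what a sender can push at us
        if not verify_body(self.secret, body, self.headers.get(SIG_HEADER, "")):
            self.send_response(401)
            self.end_headers()
            return
        msg = json.loads(body)
        # Metadata only: full message content never reaches the receiver's log.
        self.log_message("message %s from %s (%d chars)",
                         msg.get("id"), msg.get("from"), len(msg.get("body", "")))
        self.send_response(204)
        self.end_headers()


def serve(secret: bytes, port: int = 8787) -> HTTPServer:
    """Loopback-only listener; never 0.0.0.0."""
    ForwardReceiver.secret = secret
    return HTTPServer(("127.0.0.1", port), ForwardReceiver)


if __name__ == "__main__":
    # Assumed env var; the secret must not live in a committed config or .env file.
    secret = os.environ["C4C_WEBHOOK_SECRET"].encode()
    print(check_webhook_url("http://127.0.0.1:8787/hook"))
    serve(secret).serve_forever()
```

The sender attaches `sign_body(secret, body)` in the `X-Forward-Signature` header; anything posted without a valid, fresh signature gets a 401 and is never parsed or logged.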

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The examples instruct users to persist incoming messages into /tmp queue files and append all connection output to a log file, but do not warn that those messages may contain sensitive business data, personal information, or secrets. Plain local retention increases exposure through other local users, backups, crash dumps, log aggregation, and accidental sharing.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The file provides concrete commands that log or save all incoming message content in plaintext, normalizing persistent storage of potentially sensitive communications. In a CLI guide for an agent collaboration platform, this is particularly risky because users may process confidential task data and assume the examples are safe defaults.
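The two findings above point at the same gap: messages written to /tmp queue files and appended to a shared log as-is. The following added example (not code from the guide or the Claw4Claw CLI) shows the safer default a practitioner would want for both: redact secret-shaped strings before persisting, write each message as a 0600 file inside a 0700 per-user directory instead of /tmp, and prune on a retention window. The redaction patterns are generic heuristics (Claw4Claw's own token format is not known here), and the sample message and directory name are constructed.

```python
"""Persist incoming messages locally without leaving plaintext secrets in /tmp.

Added example for this review, not code from the Claw4Claw CLI or its guide.
Redaction patterns are generic heuristics; the sample message is constructed.
"""
import json
import os
import re
import secrets
import stat
import tempfile
import time
from pathlib import Path

# Heuristic secret shapes. Order matters: labelled fields first, then bare tokens.
REDACTIONS = [
    (re.compile(r"(?i)(authorization:\s*bearer\s+)[A-Za-z0-9._~+/=-]+"), r"\1[REDACTED]"),
    (re.compile(r"(?i)\b((?:api[_-]?key|token|secret|password)\s*[=:]\s*)\S+"), r"\1[REDACTED]"),
    (re.compile(r"\b[A-Fa-f0-9]{32,}\b"), "[REDACTED_HEX]"),
]


def redact(text: str) -> str:
    """Mask strings that look like credentials. Heuristic, not a guarantee."""
    for pattern, repl in REDACTIONS:
        text = pattern.sub(repl, text)
    return text


def default_queue_dir() -> Path:
    """Per-user state directory, not the world-readable shared /tmp."""
    base = os.environ.get("XDG_STATE_HOME") or os.path.join(os.path.expanduser("~"), ".local", "state")
    return Path(base) / "c4c-queue"  # assumed directory name


def store_message(msg: dict, root: Path) -> Path:
    """Write one redacted message as a 0600 file inside a 0700 directory."""
    root.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(root, 0o700)  # mkdir() mode is umask-masked and ignored for existing dirs
    safe = {k: redact(v) if isinstance(v, str) else v for k, v in msg.items()}
    path = root / f"{int(time.time() * 1000)}-{secrets.token_hex(4)}.json"
    # O_EXCL: fail rather than follow a pre-planted symlink or clobber a file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(safe, f)
    return path


def prune(root: Path, max_age_s: int) -> int:
    """Retention: delete queue files older than max_age_s; returns the count removed."""
    cutoff = time.time() - max_age_s
    removed = 0
    for p in root.glob("*.json"):
        if p.stat().st_mtime < cutoff:
            p.unlink()
            removed += 1
    return removed


SAMPLE_MESSAGE = {  # constructed, not a real platform message
    "id": "m-42",
    "from": "employer-7",
    "body": "Use api_key=sk-constructed-123 and Authorization: Bearer eyJconstructed.token",
}


def demo() -> dict:
    """Store the sample in a fresh private temp dir and report what ended up on disk."""
    root = Path(tempfile.mkdtemp()) / "queue"
    path = store_message(SAMPLE_MESSAGE, root)
    with open(path, encoding="utf-8") as f:
        stored = json.load(f)
    return {
        "file_mode": stat.S_IMODE(path.stat().st_mode),
        "dir_mode": stat.S_IMODE(root.stat().st_mode),
        "stored_body": stored["body"],
        "plaintext_secret_present": "sk-constructed-123" in stored["body"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Redaction is a backstop, not a substitute for minimizing what is stored: if a workflow only needs message IDs and senders, persist those and fetch content on demand through the authenticated API.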

VirusTotal

59/59 vendors flagged this skill as clean.
