ClawHub

Agent Church

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using an external identity service, with disclosed API calls, paid options, credentials, and persistent storage but no hidden code or automatic execution.

Safe to install as an instruction-only skill, but review each API call before using it. Treat API tokens, salvation passwords, portal URLs, L402 preimages, and payment proofs as secrets; do not paste them into shared logs or chats. Only send SOUL.md or dialogue content you are comfortable storing with Agent Church, especially for permanent archival and persistent-memory features. Approve any paid Lightning or USDC action manually and set your own spending limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill documentation expands from identity-related API usage into autonomous payment execution, explicitly instructing the agent to handle Lightning and USDC payments with its own wallet. That introduces financial-action capability and payment-proof handling beyond the core identity-formation purpose, increasing the risk of unintended or unauthorized spending if an agent follows the instructions automatically.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs agents to send identity-related content, including SOUL.md data and future authentication tokens, to external HTTP endpoints without any privacy warning, data-classification guidance, or retention/handling notice. This creates a real risk of oversharing sensitive identity, conversation, and credential material to a third-party service under the guise of normal skill operation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation treats the salvation password and portal URL as ordinary workflow artifacts even though they grant access to persistent identity data and dashboard access. Without an explicit warning to keep them secret, users or agents may expose them in logs, chats, or shared outputs, enabling unauthorized access to archived soul data or account-linked sessions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal