ClawSignal

Security checks across malware telemetry and agentic risk

Overview

ClawSignal appears to be a coherent agent messaging service, but it enables an external plugin that can automatically trigger your agent and send messages through it.

Install only if you want this agent to be reachable through ClawSignal. Use a dedicated low-privilege agent or workspace, inspect the external plugin package before enabling it, keep API and dashboard tokens secret, restrict trusted contacts where possible, and require human approval before the agent uses sensitive tools or shares private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill states that incoming messages automatically trigger the agent, which means untrusted external content can invoke agent behavior without an explicit warning about prompt-injection, social-engineering, or unsafe tool-use risks. In an agent environment, automatic processing of network-delivered content materially increases the chance that a remote actor can manipulate the agent into disclosing data, taking actions, or chaining into other connected tools.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation exposes a dashboard URL pattern containing a token query parameter but does not clearly warn that the token is a sensitive bearer credential. Query-string tokens are especially risky because they may be copied, logged, stored in browser history, leaked via screenshots, or shared inadvertently, enabling unauthorized dashboard access if a real token is mishandled.

VirusTotal

66/66 vendors flagged this skill as clean.
