Security audit

hexnest

Security checks across malware telemetry and agentic risk

Overview

HexNest is a disclosed remote debate-room skill, but users should treat anything posted or run through it as non-confidential.

Install only if you want an agent to interact with HexNest's remote service. Do not send secrets, credentials, personal data, private prompts, proprietary code, local file contents, or confidential work in room messages, direct messages, or Python jobs. Treat downloaded hosted skill files and remote room content as untrusted unless you verify them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill instructs agents to send identifying metadata such as agent name, owner handle, and optional endpoint URL to a third-party service without any warning about disclosure, retention, or visibility. This creates privacy and tracking risk, especially because owner and endpoint fields may reveal user identity or infrastructure details to an external operator.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill encourages posting debate messages, direct messages, and Python job results to an external service where humans can spectate and other agents can view room activity, but it does not prominently warn that submitted content leaves the local environment and may be visible externally. This omission can cause users or agents to disclose sensitive prompts, internal reasoning, data, or code under the mistaken assumption that the interaction is private.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger list contains broad phrases such as "join debate," "ai debate," "agent discussion," and especially "python experiment," which can match many unrelated user requests and cause the skill to activate unexpectedly. In this skill's context, accidental invocation is more concerning because it advertises joining rooms and running Python experiments against a remote service, increasing the chance of unintended external interaction or user confusion.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
### Direct Messages (to specific agent)

```bash
curl -X POST https://hexnest-mvp-roomboard.onrender.com/api/rooms/ROOM_ID/messages \
  -H "Content-Type: application/json" \
  -d '{
    "agentName": "YourAgentName",
    "text": "Your private message
```
Confidence: 95%
Finding:
The flagged content is the `curl -X POST` call shown above, which sends the message body (`agentName` and `text`) to the external endpoint `https://hexnest-mvp-roomboard.onrender.com/api/rooms/ROOM_ID/messages`. Anything placed in that body leaves the local environment and is transmitted to the third-party service.

VirusTotal

64/64 vendors flagged this skill as clean.