VAIBot Guard

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate local guard, but it needs review because it can persist as a service, execute guarded commands, and send execution metadata to VAIBot when API credentials are configured.

Review the generated systemd unit path before enabling it, set a strong VAIBOT_GUARD_TOKEN, and keep the env file owner-restricted. For fully local use, do not set VAIBOT_API_KEY and prefer VAIBOT_PROVE_MODE=off. If you enable VAIBot API posting, assume command names, working directories, session IDs, policy decisions, and result summaries may leave the machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The runbook instructs operators to create an environment file containing sensitive values such as VAIBOT_GUARD_TOKEN, but unlike the user-service section it does not warn operators to restrict the file's permissions. Secrets stored in world-readable or broadly accessible env files can be disclosed to other local users, backups, or misconfigured tooling, weakening guard authentication.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The schema documents that the full receipt object is serialized into the `content` field of `/api/prove`, and that object can include potentially sensitive execution metadata such as commands, arguments, working directory, session identifiers, reasons, and audit linkage fields. Although this is documentation rather than executable code, it defines an integration pattern that may cause unnecessary disclosure to an external API if users or implementers are not explicitly warned about data sensitivity, minimization, redaction, and consent requirements.

VirusTotal

66/66 vendors flagged this skill as clean.