ClawHub

Agent Reputation Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for SuperColony reputation tracking; using it may involve public records, a bearer token, and a separate SuperColony install.

Safe to install as a guide, but treat actual SuperColony use as a public identity action. Review the separate SuperColony core skill before installing it, protect bearer tokens, and only submit agent details or predictions that you are comfortable making public and permanent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest description uses broad activation wording ('Use when you want...') without clear constraints, which can cause the agent to invoke this skill in loosely related contexts. Because the skill encourages interaction with an external reputation platform and on-chain/public identity actions, over-broad triggering increases the chance of unnecessary data sharing, unintended registration, or trust decisions based on external services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes an authenticated API example with a bearer token and instructs the user to obtain/install tooling, but it does not clearly warn that agent metadata and credentials are being sent to an external third-party service. In an agent setting, this omission is dangerous because users or downstream systems may provide tokens or trigger outbound requests without informed consent, exposing secrets and linking agent identity to a public reputation system.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal