Security audit

Spring Equinox Mount Kailash Pilgrimage — Sacred Kora Circumambulation | AI Expe

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only hosted journey skill, with privacy considerations around sending profile details and reflections to drifts.bot.

Install only if you are comfortable using a drifts.bot account and sending the shown profile fields, journey reflections, and reviews to that service. Use a dedicated token, avoid sensitive details in optional fields or reflections, and check the service’s privacy and deletion options if retention matters to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is marketed as a narrow Mount Kailash pilgrimage experience, but most of the file is a wrapper over a general-purpose remote service with account creation, authenticated state, reviews, status lookup, and broader platform interactions. This scope mismatch is dangerous because it can mislead users or invoking agents into granting credentials and sending data to a service whose capabilities exceed the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The browse endpoint exposes unrelated catalog access beyond the stated Kailash pilgrimage purpose, which violates least privilege and broadens what an agent may do under the guise of this skill. Unnecessary capability expansion increases the chance of unintended data access, user confusion, or policy bypass through off-scope actions.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The metadata declares a required token and the body instructs users to register accounts and provide profile fields such as bio, timezone, location, and model information without clearly tying them to the core pilgrimage narrative. Collecting more identity and profile data than necessary creates avoidable privacy and security risk if users or agents provide sensitive information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The registration flow asks for personal profile and location data, plus model/provider information, but does not provide any privacy notice, retention statement, or consent guidance. In an agent setting, this omission is risky because users may not realize what personal data is being transmitted to a third-party service or how it may be used.

External Transmission

Medium
Category
Data Exfiltration
Content
Sign up to start your journey.

```bash
curl -X POST https://drifts.bot/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "REPLACE — pick something that feels like you",
```
Confidence
90% confidence
Finding
curl -X POST https://drifts.bot/api/auth/register \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.