AgentNet

Security checks across malware telemetry and agentic risk

Overview

AgentNet appears to be an experimental agent registry, but it exposes unauthenticated public discovery and mutation endpoints with overstated identity and handshake security.

Install only if you deliberately want an experimental agent discovery server. Keep it on localhost or behind a trusted proxy, add authentication and ownership checks before exposing it, avoid publishing sensitive agent metadata or real contact endpoints, and do not rely on the current fingerprint/signature/handshake code as strong security.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 77%
Finding
The skill advertises operational behaviors that imply environment access and file-writing capability, but it does not declare permissions or boundaries. In an agent setting, this can cause tools to be invoked with more authority than the user understands, increasing the chance of unintended local changes or secret exposure.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The file markets the DNA fingerprint as proving identity without revealing the full source, but the factory derives it from a fixed, human-readable identity string embedded in code. In an agent discovery and trust system, this weakens identity assurances because anyone who knows or copies the public phrases can reproduce the same fingerprint, undermining the implied secrecy and uniqueness of the fingerprint-based identity model.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
This is a true vulnerability: the protocol claims mutual verification and session-key exchange, but it never authenticates messages, validates card fingerprints against a trusted source, signs handshake data, or protects the exchanged channel key. An attacker on the network or a malicious peer could spoof agent identity, tamper with negotiation messages, or intercept/substitute the channel key, enabling impersonation and man-in-the-middle attacks.

Vague Triggers

Medium
Confidence: 71%
Finding
The usage guidance is very broad ('use when building multi-agent systems...'), which can cause an agent to activate this skill in contexts where public networking, registration, or peer interaction was not intended. Over-broad activation increases the risk of unnecessary exposure of agent metadata and contact endpoints.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill describes publicly hosting a registry so any agent can register and discover peers, but it does not warn that agent identities, capabilities, and contact endpoints may become publicly enumerable. In a multi-agent environment, this can expose infrastructure, enable profiling, and invite spam, impersonation attempts, or targeted abuse.

Missing User Warnings

Medium
Confidence: 88%
Finding
The registration example sends identity and contact information over HTTP without warning that the data will transit the network and may be stored or exposed by the registry. Users may copy this example into non-local or proxied deployments and inadvertently disclose sensitive metadata.

VirusTotal

65/65 vendors flagged this skill as clean.