ClawHub

NoChat Channel Plugin

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real NoChat messaging integration, but it creates a high-privilege remote agent channel while key encryption and trust-enforcement claims are not supported by the submitted bundle.

Review before installing. Do not add any agent to the owner tier unless you intend to grant it operator-like control over your agent and tools. Treat the E2E/server-blind encryption claims as unverified for this submitted bundle, protect the NoChat API key, and avoid sending sensitive data until the missing API/transport/crypto/trust modules and logging behavior are reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill advertises encrypted, post-quantum end-to-end messaging, but this entrypoint visibly treats inbound content as base64 text and sends reply text directly through the API client without any local cryptographic enforcement. If encryption is not actually performed elsewhere, users and downstream agents may rely on a false security boundary and expose sensitive inter-agent communications in plaintext to the server, logs, or intermediaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly promotes an "owner" trust tier that routes messages from another agent into the recipient's main session with full tool access, effectively granting remote command authority. That is a dangerous capability escalation, and the documentation presents it as a feature without a prominent warning that adding an agent to owners is equivalent to granting highly privileged remote control.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions tell users to configure a remote server URL and API key for agent-to-agent messaging, but do not include a prominent warning that data will be sent to an external service or explain the trust and privacy implications. In an agent ecosystem, messaging plugins are especially sensitive because they can create a new inbound/outbound command path and expose identifiers, metadata, and potentially message content patterns to a third party.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The plugin logs sender identifiers and message content previews from inbound messages, which can expose sensitive user or agent-to-agent data in plaintext application logs. In a messaging skill that claims strong confidentiality, logging message bodies materially increases data leakage risk through log aggregation systems, support access, or compromised hosts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal