
Security audit

Claw Crony

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for agent-to-agent communication, but it grants persistent remote-agent access and handles bearer tokens in ways users should review carefully before installing.

Install only if you are comfortable exposing an A2A gateway to trusted peers. Before installing:
  • Review and pin the external plugin code first.
  • Prefer Tailscale or a private LAN, firewall port 18800 to known peer IPs, and avoid public HTTP exposure.
  • Do not put raw bearer tokens in TOOLS.md, and rotate any token that has already been exposed.
  • Require clear user intent before forwarding messages to another agent.
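The "firewall port 18800 to known peer IPs" recommendation, as an added example that is not part of the skill or of this audit: a POSIX shell function that emits an nftables ruleset admitting TCP/18800 only from an allow-list of peer addresses and dropping every other connection attempt to that port. The table name `a2a_guard`, the set name `peers`, and the assumption that peers are IPv4 (Tailscale 100.x addresses or LAN hosts) are this example's own; port 18800 is the one named in the audit. Host-level rules like these complement, not replace, Tailscale ACLs.

```shell
#!/bin/sh
# Added example, not from the skill: generate an nftables ruleset that
# restricts the A2A gateway port to an explicit list of peer IPv4 addresses.
# Review the output, then apply it with: sudo nft -f a2a.nft

A2A_PORT=18800   # port named in the skill's setup guidance

# is_ipv4 ADDR : return 0 if ADDR is a dotted quad with each octet in 0..255.
is_ipv4() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  for o in "$a" "$b" "$c" "$d"; do
    case "$o" in
      ''|*[!0-9]*) return 1 ;;   # empty or non-numeric octet
    esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# gen_a2a_ruleset PEER... : print the ruleset on stdout.
# Returns 1 (and prints nothing) if no peers are given or an address is malformed,
# so a typo cannot silently produce a rule set that opens the port to nobody or everybody.
gen_a2a_ruleset() {
  [ $# -gt 0 ] || { echo "gen_a2a_ruleset: no peer addresses given" >&2; return 1; }
  elems=""
  for p in "$@"; do
    is_ipv4 "$p" || { echo "gen_a2a_ruleset: bad peer address: $p" >&2; return 1; }
    elems="${elems:+$elems, }$p"
  done
  cat <<EOF
table inet a2a_guard {
  set peers {
    type ipv4_addr
    elements = { $elems }
  }
  chain input {
    type filter hook input priority 0; policy accept;
    # listed peers may reach the A2A gateway
    tcp dport $A2A_PORT ip saddr @peers accept
    # everyone else is dropped before the gateway ever sees the SYN
    tcp dport $A2A_PORT drop
  }
}
EOF
}

# Stand-alone use: ./a2a_guard.sh 100.64.0.2 100.64.0.3 > a2a.nft
if [ $# -gt 0 ]; then
  gen_a2a_ruleset "$@"
fi
```

The chain keeps `policy accept` so the table only decides the fate of traffic to port 18800 and leaves the host's other firewall tables alone; because nftables drops a packet if any table drops it, this can sit alongside an existing ruleset.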

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The template tells operators to place peer auth tokens directly into TOOLS.md and then instructs the agent to use those tokens via the exec tool. That gives the agent durable access to bearer credentials for other servers, expanding its authority beyond simple message routing and creating a clear secret-exposure path if the model is prompted to reveal files, commands, or configuration.
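One way to keep the bearer credential out of TOOLS.md, as an added example that is not the skill's own code: store each peer's token in a mode-0600 file under a private directory and have the exec step read it at call time, so the instruction file only names the peer. The directory layout (`~/.a2a/tokens/<peer>.token`), the function names, and the JSON body shape used by `send_to_peer` are this example's assumptions, not the skill's A2A format.

```shell
#!/bin/sh
# Added example, not from the skill: bearer tokens live in 0600 files,
# never in TOOLS.md. TOOLS.md would then say e.g. "run: send_to_peer peer-b <url> <json>"
# and the token itself is never in any file the agent is asked to read back.

A2A_TOKEN_DIR="${A2A_TOKEN_DIR:-$HOME/.a2a/tokens}"   # assumed layout

# file_mode FILE : print the octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# store_peer_token PEER : read a token from stdin and write it with 0600 perms.
store_peer_token() {
  mkdir -p "$A2A_TOKEN_DIR" && chmod 700 "$A2A_TOKEN_DIR" || return 1
  f="$A2A_TOKEN_DIR/$1.token"
  # umask inside a subshell so the caller's umask is untouched
  ( umask 077; tr -d '\n' > "$f" ) && chmod 600 "$f"
}

# load_peer_token PEER : print the token, refusing files anyone else can read.
# A token that was ever group- or world-readable should be treated as exposed and rotated.
load_peer_token() {
  f="$A2A_TOKEN_DIR/$1.token"
  [ -f "$f" ] || { echo "no token stored for peer '$1'" >&2; return 1; }
  mode=$(file_mode "$f")
  case "$mode" in
    600|400) ;;
    *) echo "refusing $f: mode $mode, expected 600 (rotate this token)" >&2; return 1 ;;
  esac
  tr -d '\n' < "$f"
}

# send_to_peer PEER URL JSON_BODY : POST to the peer with its token in the
# Authorization header. The body format is a placeholder, not the skill's wire format.
send_to_peer() {
  tok=$(load_peer_token "$1") || return 1
  curl -fsS -H "Authorization: Bearer $tok" \
       -H 'Content-Type: application/json' \
       --data-binary "$3" "$2"
}
```

Because `load_peer_token` checks the mode rather than mere readability, it fails closed even when the agent runs as root, which is exactly the case where a world-readable token file would otherwise go unnoticed.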

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs users to execute a remote installation script directly from the network via a shell pipe, which removes the opportunity to inspect the script before execution. In this context the command is especially risky because it is part of setup guidance for administrators and could lead to arbitrary code execution with the user's privileges if the upstream source, transport, or DNS resolution is compromised.

Vague Triggers

Medium
Confidence: 86%
Finding
The phrase "or similar" makes the trigger condition open-ended, so the agent may interpret vague user language as authorization to contact external peers. In this context, that ambiguity is more dangerous because invocation causes outbound network communication and use of bearer tokens, not merely a local formatting action.

Missing User Warnings

Medium
Confidence: 94%
Finding
The template directs the agent to send user-supplied messages and a bearer token to a peer server but does not require disclosure or confirmation that data will leave the current host. In an A2A setup skill, network transmission is expected, but the absence of user-facing warning and consent controls makes accidental exfiltration of sensitive prompts, workspace data, or operational metadata much more likely.

External Script Fetching

High
Category: Supply Chain

Content
When servers are on different networks, use Tailscale:

```bash
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
# Authenticate via the printed URL (use same account on all servers)
tailscale ip -4  # Get the 100.x.x.x IP
```

Confidence: 99%
Finding
curl -fsSL https://tailscale.com/install.sh | sh

Chaining Abuse

High
Category: Tool Misuse

Content
When servers are on different networks, use Tailscale:

```bash
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
# Authenticate via the printed URL (use same account on all servers)
tailscale ip -4  # Get the 100.x.x.x IP
```

Confidence: 99%
Finding
| sh
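The three findings that flag `curl -fsSL https://tailscale.com/install.sh | sh` (the Missing User Warnings finding on the shell pipe, External Script Fetching, and Chaining Abuse) all come down to the same fix: fetch to a file, read it, pin its hash, and only then execute. The functions below are an added example, not the skill's or Tailscale's code; the expected SHA-256 is whatever you record after reviewing the script yourself (the `PINNED_SHA256` name is a placeholder, not a published value), and `sha256sum`/`shasum` is assumed to be available. Where a distribution package with a signed repository exists, that is the better path and the script becomes unnecessary.

```shell
#!/bin/sh
# Added example, not from the skill: fetch, verify, review, then run,
# instead of piping an unread remote script straight into sh.

# sha256_of FILE : print the hex SHA-256 (GNU coreutils, or shasum on BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# fetch_script URL DEST : download to a file so it can be read before it runs.
# --proto '=https' refuses any redirect off HTTPS; --tlsv1.2 sets a floor.
fetch_script() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_script FILE EXPECTED : return 0 only if FILE hashes to EXPECTED.
verify_script() {
  actual=$(sha256_of "$1") || return 1
  if [ "$actual" != "$2" ]; then
    echo "sha256 mismatch for $1: got $actual, expected $2" >&2
    return 1
  fi
}

# run_pinned FILE EXPECTED : execute the script only after the hash check passes,
# so a changed upstream, a hijacked CDN edge, or poisoned DNS yields a refusal, not a shell.
run_pinned() {
  verify_script "$1" "$2" || return 1
  sh "$1"
}

# Typical use (not executed here):
#   fetch_script https://tailscale.com/install.sh /tmp/tailscale-install.sh
#   less /tmp/tailscale-install.sh        # read it, then record: sha256_of /tmp/tailscale-install.sh
#   run_pinned /tmp/tailscale-install.sh "$PINNED_SHA256"   # PINNED_SHA256: your recorded hash
```

The hash pins the exact bytes you reviewed; re-reviewing and re-pinning is the cost of picking up a new upstream version, which is the point, since a silent change is what the pipe-to-shell pattern cannot detect.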

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.