AgentRx

Security checks across malware telemetry and agentic risk

Overview

AgentRx is a remote recovery helper whose external calls are disclosed, but users must still be careful: it sends tool errors and preflight payloads to a third-party API.

Install only if you are comfortable sending selected tool-failure context and preflight payloads to AgentRx. Use a dedicated API key, verify the base URL, avoid the shared beta key for production, and do not invoke it on workflows involving secrets, regulated data, payment details, private prompts, or sensitive tool arguments unless those fields are redacted first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The README instructs consumers to treat AgentRx output as an authoritative instruction stream with 'no interpretation required,' which undermines the stated safety model that the agent must independently evaluate recovery suggestions before acting. In a recovery skill that runs after tool failures or before risky calls, this can cause unsafe automatic execution of untrusted external guidance, increasing the chance of privilege misuse, destructive actions, or propagation of hallucinated remediation steps.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The README tells users to place API credentials in a local .env and even publishes a shared beta key, but provides no guidance about secrecy, rotation, or avoiding accidental disclosure. This creates a realistic risk of credential leakage through commits, logs, screenshots, shared environments, or reuse of the public key in unintended contexts, especially because the skill relies on an external service for operational decisions.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The trigger guidance is very broad (`ANY` tool error, suspicious result, retries, and preflight before risky calls), which can cause the agent to over-invoke a remote advisory service. In practice, this increases attack surface and data egress volume by sending error messages and potentially payload context to an external endpoint during many normal failure scenarios, including cases where the failing tool may handle sensitive information.
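The two findings above (unconditional trust in the advisor's output, and a trigger that fires on any error) are both addressed on the consuming side with a local guard. The following is an added example, not AgentRx's own code: the request/response shape, the action names, the allowed-tool set and the thresholds are assumptions made for illustration, and `fake_advisor` is a constructed stand-in for the remote API so the example runs offline.

```python
"""Added example (not AgentRx's own code): a local guard around a remote
recovery advisor. The request/response shape, the action names and the
thresholds below are assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Narrow trigger policy instead of "ANY tool error" (assumed values):
ALLOWED_TOOLS = {"http_fetch", "web_search"}   # never tools that touch secrets
MIN_LOCAL_ATTEMPTS = 2                          # exhaust cheap local retries first
MAX_CALLS_PER_WINDOW = 5                        # cap data egress per time window
WINDOW_SECONDS = 60.0

# Recovery actions the agent may execute on the advisor's say-so.
SAFE_ACTIONS = {"retry", "backoff", "abort"}
MAX_DELAY_S = 30.0


@dataclass
class AdvisorGuard:
    # Performs the actual remote call; injected so the example runs offline.
    send_to_advisor: Callable[[dict], dict]
    calls: list = field(default_factory=list)   # timestamps of recent remote calls

    def should_invoke(self, tool_name: str, attempt: int, now: float) -> bool:
        """Trigger policy: decide whether this failure justifies an external call."""
        if tool_name not in ALLOWED_TOOLS:
            return False
        if attempt < MIN_LOCAL_ATTEMPTS:
            return False
        self.calls = [t for t in self.calls if now - t < WINDOW_SECONDS]
        if len(self.calls) >= MAX_CALLS_PER_WINDOW:
            return False
        self.calls.append(now)
        return True

    @staticmethod
    def vet_suggestion(suggestion: object) -> Optional[dict]:
        """Output policy: the reply is untrusted data, not an instruction stream.
        Only allowlisted actions with validated parameters are returned; anything
        else (e.g. 'run_shell') yields None so a human or local policy decides."""
        if not isinstance(suggestion, dict):
            return None
        action = suggestion.get("action")
        if action not in SAFE_ACTIONS:
            return None
        if action == "abort":
            return {"action": "abort"}          # extra keys are dropped, not forwarded
        delay = suggestion.get("delay_s", 1.0)
        if isinstance(delay, bool) or not isinstance(delay, (int, float)):
            return None
        if not 0.0 <= delay <= MAX_DELAY_S:
            return None
        return {"action": action, "delay_s": float(delay)}

    def recover(self, tool_name: str, attempt: int, error_message: str,
                now: float) -> Optional[dict]:
        """Returns a vetted action, or None when the advisor was not consulted
        or its suggestion was rejected (caller falls back to local policy)."""
        if not self.should_invoke(tool_name, attempt, now):
            return None
        reply = self.send_to_advisor({"tool_name": tool_name,
                                      "error_message": error_message})
        return self.vet_suggestion(reply)


def fake_advisor(payload: dict) -> dict:
    """Constructed stand-in for the remote API (not the real service). It
    deliberately returns a destructive action for one case to show the gate."""
    if "timeout" in payload["error_message"]:
        return {"action": "backoff", "delay_s": 5}
    return {"action": "run_shell", "cmd": "rm -rf ~/.cache"}


if __name__ == "__main__":
    guard = AdvisorGuard(fake_advisor)
    print(guard.recover("http_fetch", 2, "connection timeout", now=0.0))  # {'action': 'backoff', 'delay_s': 5.0}
    print(guard.recover("http_fetch", 2, "HTTP 500", now=1.0))            # None: run_shell rejected
    print(guard.recover("vault_read", 3, "timeout", now=2.0))             # None: tool not allowed
```

The point of `vet_suggestion` is that the agent never executes a string the remote service hands it; it maps the reply onto a small set of locally defined actions with bounded parameters, which is what "independently evaluate recovery suggestions" has to mean in code.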

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script transmits agent_id, tool_name, error_message, error_code, and latency_ms to a remote service without any built-in notice, consent gate, redaction, or minimization. Error messages often contain secrets, prompts, file paths, internal URLs, stack traces, or user data, so sending them off-host can create a real confidentiality and compliance risk even if the feature is intended for recovery telemetry.
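The redaction the Overview asks for, and the minimisation this finding says the script lacks, can be applied by the consumer before the five fields leave the host. The following is an added example, not AgentRx's code: the regexes, the `DENY_TOOLS` set, the size cap and `SAMPLE_TRACE` are constructed for illustration and are not exhaustive.

```python
"""Added example (not AgentRx's own code): redact and minimise failure context
before it is sent off-host. The regexes, DENY_TOOLS, the size cap and the
sample trace are illustrative assumptions; tune them to your environment."""
import re
from typing import Optional

# Tools whose failures must never be reported externally (assumed names for
# workflows that touch secrets, payment details or regulated data).
DENY_TOOLS = {"vault_read", "payment_charge", "patient_lookup"}

MAX_MESSAGE_CHARS = 512   # assumed cap on the error text

# Constructed patterns for the data classes the finding names. Order matters:
# key=value secrets are masked before the URL rule rewrites the host part.
REDACTIONS = [
    (re.compile(r"(?i)(authorization:\s*bearer\s+)[A-Za-z0-9._\-]+"), r"\g<1>[REDACTED]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY]"),
    (re.compile(r"(?i)\b(api[_-]?key|token|password|secret)\s*[=:]\s*\S+"), r"\g<1>=[REDACTED]"),
    (re.compile(r"https?://[^\s/]+"), "[REDACTED_HOST]"),                       # internal URLs
    (re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)[^\s/\\]+"), "/[REDACTED_USER]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED_EMAIL]"),
]

# Constructed sample: a Python traceback carrying a path, an internal URL with a
# query-string token, a bearer token and an e-mail address.
SAMPLE_TRACE = (
    "Traceback (most recent call last):\n"
    '  File "/home/alice/agent/tools.py", line 42, in call\n'
    "    resp = requests.get(url, headers=h)\n"
    "HTTPError: 401 from https://vault.internal.corp:8200/v1/secret?token=s.abc123 "
    "with Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig for alice@corp.example"
)


def strip_trace_frames(message: str) -> str:
    """Minimisation: keep the exception line, drop traceback frames (paths, source)."""
    kept = [ln for ln in message.splitlines()
            if ln and not ln.startswith(("Traceback", "  File ", "    "))]
    return " ".join(kept) if kept else message


def redact(text: str) -> str:
    """Apply every REDACTIONS rule in order and return the masked text."""
    for pattern, replacement in REDACTIONS:
        text = pattern.sub(replacement, text)
    return text


def build_payload(agent_id: str, tool_name: str, error_message: str,
                  error_code: object, latency_ms: float) -> Optional[dict]:
    """Return only the five fields the skill sends, minimised and redacted,
    or None when policy forbids reporting this tool's failures at all."""
    if tool_name in DENY_TOOLS:
        return None
    msg = redact(strip_trace_frames(error_message))
    if len(msg) > MAX_MESSAGE_CHARS:
        msg = msg[:MAX_MESSAGE_CHARS] + " [truncated]"
    return {
        "agent_id": agent_id,
        "tool_name": tool_name,
        "error_message": msg,
        "error_code": str(error_code)[:32],
        "latency_ms": int(latency_ms),
    }


if __name__ == "__main__":
    print(build_payload("agent-7", "http_fetch", SAMPLE_TRACE, 401, 1834.6))
    print(build_payload("agent-7", "vault_read", SAMPLE_TRACE, 401, 1834.6))  # None
```

Regex-based masking is a last line of defence, not a guarantee: a deny list by tool, as in `DENY_TOOLS`, is what actually keeps secret-handling workflows off the wire, and the allowlisted field set prevents new fields from leaking if the upstream script later starts collecting more.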

VirusTotal

0/65 vendors flagged this skill; all 65 reported it clean.

View on VirusTotal