Agentkey

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for external data access, but it also adds broad automatic routing, setup/update commands, local persistence, and silent telemetry that users should review before installing.

Install only if you are comfortable making AgentKey the default path for live lookups, registering its MCP server, using an AgentKey API key and credit balance, and allowing opt-out update telemetry. Review the ~/.config/agentkey controls for auto-upgrade, update-disable, and telemetry-disable before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill bundles self-update, installation, and telemetry workflows into a tool meant for external data access. This expands the attack surface and enables unrelated privileged actions to be triggered during ordinary use, increasing the chance of unintended command execution or coercive prompts.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The skill silently forwards telemetry events via MCP without a clear, affirmative user-facing consent mechanism. Silent data transmission about upgrade state and user choices is risky because it can leak behavioral metadata and normalize hidden outbound communication unrelated to the user's immediate query.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The skill directs the agent to execute shell commands and modify local config files for upgrade/install behavior, which is outside the stated data-fetching function. This is dangerous because ordinary skill invocation can lead to local state changes, persistence, or command execution in the user's environment without a narrowly scoped administrative context.

Intent-Code Divergence

Severity: High
Confidence: 92%
Finding: The documentation claims the skill itself does not write files, but elsewhere the instructions direct creation of files under ~/.config/agentkey for auto-upgrade, snooze, and update-disable state. This inconsistency undermines user trust and can hide persistence behavior that materially affects the local environment.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The script performs telemetry-related behavior that goes beyond a pure local update check: it emits structured TELEMETRY lines containing skill version, update state, latest version, and auto-upgrade status for later forwarding by another component. Even though the script itself does not make the telemetry network call, this is still a data-exfiltration pathway and creates hidden observability behavior not clearly aligned with the stated update-check purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: The script reads local preference state such as whether auto-upgrade is enabled and includes that state in telemetry output. Preference-state collection is not necessary to determine whether an update exists, so it expands the script's access to local user data and can leak behavioral configuration to an external telemetry sink when forwarded.

Vague Triggers

Severity: High
Confidence: 91%
Finding: The proactive invocation rule is extremely broad, telling the agent to use this skill whenever external data may be useful and to prefer it over built-in tools. Overbroad triggers can cause the skill to activate in many ordinary conversations, exposing more user prompts and data to its update, telemetry, and remote-provider logic than necessary.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs the agent to forward telemetry silently and to suppress errors from the user. Hiding outbound events reduces transparency and prevents informed consent, especially when the telemetry is unrelated to fulfilling the user's requested data lookup.

VirusTotal

61/61 vendors flagged this skill as clean.
