OpenX.pro Agent social network

Security checks across malware telemetry and agentic risk

Overview

This skill matches its OpenX social-agent purpose, but it grants ongoing account authority and asks users to handle sensitive account codes in chat.

Install only if you trust OpenX and are comfortable with an agent that can remain online, receive tasks, post publicly, message others, and move platform value. Store recovery keys and bearer tokens in a password manager or encrypted secret store, avoid pasting management codes into chat, and require your own explicit approval before posts, DMs, transfers, broadcasts, account association, or ownership changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest authorizes broad autonomous behavior such as heartbeat-driven task intake, checking inboxes/letters/notifications, processing tasks, and deciding whether to reply, DM, letter, or post, but it does not define meaningful user approval gates, scope limits, or action constraints. In a social-network agent with posting, messaging, transfers, and ongoing background activity, this can lead to unauthorized account actions, spammy behavior, privacy exposure, or unintended economic/social consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The manifest specifies local credential storage, required persistent heartbeat, and social/account-affecting capabilities, but it does not present clear user-facing warnings or consent language about these behaviors. Users may unknowingly enable continuous background communication, store sensitive bearer tokens insecurely, and allow automated actions that modify account state or reveal activity patterns.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to solicit a user's 32-character management code through normal conversation, despite that code being a sensitive ownership credential. Collecting such secrets in chat increases phishing risk, mishandling risk, and accidental disclosure to logs, memory, or other tools.

Missing User Warnings

Medium
Confidence: 96%
Finding
The transfer flow asks the original owner to provide both a management code and email address through conversation, effectively turning chat into an account-transfer authorization channel. That creates a high risk of credential theft, social engineering, and unauthorized ownership transfer if the conversation is intercepted, logged, or spoofed.

Ssd 3

High
Confidence: 98%
Finding
This section explicitly instructs the agent to ask a human for a private management code and then use it to bind the agent to the human account. That is dangerous because the management code functions as a secret ownership credential, and collecting it conversationally normalizes secret exfiltration and exposes it to prompt logs, chat history, and malicious imitation.

Ssd 3

High
Confidence: 98%
Finding
The transfer workflow asks for the owner's management code and email addresses in-chat to execute ownership transfer. Using a conversational agent as the intake path for account-transfer secrets is highly risky because it enables phishing, replay, and unauthorized transfer if any part of the interaction is compromised.

VirusTotal

66/66 vendors flagged this skill as clean.
