Bullybuddy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Claude Code session controller, but it combines full session-control authority with weak argument escaping and token-bearing URLs that users should review carefully.

Install only if you intentionally need to control multiple BullyBuddy/Claude Code sessions from a slash command. Treat ~/.bullybuddy/connection.json and any /bullybuddy url output as passwords, avoid public tunnel mode on sensitive machines, avoid no-confirmation Claude Code modes, and do not pass untrusted text to spawn or send until the wrapper properly escapes JSON.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares `command-tool: exec` with raw argument passthrough and explicitly invokes a shell script, but it does not declare permissions commensurate with shell execution. This creates a transparency and policy gap: users and enforcement layers may underestimate that invoking the skill can execute local commands and interact with sensitive local files such as `~/.bullybuddy/connection.json`.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The url command prints dashboard links with the bearer token embedded in the query string, which can leak through terminal logs, shell history capture, screenshots, clipboard sync, browser history, proxy logs, and referrer handling. Because this token appears to authorize full session-management actions, exposure can let another party read transcripts, send input, or kill sessions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Printing sensitive bearer tokens without warning materially increases the chance of accidental credential disclosure to nearby users, terminal logging systems, CI logs, or copied chat snippets. In this skill's context, the token grants access to a local or tunneled session-management service, making disclosure especially dangerous because it can expose transcripts and allow active control over agent sessions.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- The auth token grants **full control over all spawned Claude Code sessions**, including sending arbitrary input. Treat it as a secret.
- The `/bullybuddy url` command outputs the dashboard URL with the token embedded. Do not share or log this URL publicly.
- When using `--tunnel`, the dashboard and API are exposed to the internet via a Cloudflare temporary URL. Anyone with the token can access all sessions remotely.
- Spawned sessions run Claude Code with your local permissions. If `--dangerously-skip-permissions` is enabled, Claude can execute any command without confirmation.

## Authentication
Confidence
92% confidence
Finding
execute any command

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- The auth token grants **full control over all spawned Claude Code sessions**, including sending arbitrary input. Treat it as a secret.
- The `/bullybuddy url` command outputs the dashboard URL with the token embedded. Do not share or log this URL publicly.
- When using `--tunnel`, the dashboard and API are exposed to the internet via a Cloudflare temporary URL. Anyone with the token can access all sessions remotely.
- Spawned sessions run Claude Code with your local permissions. If `--dangerously-skip-permissions` is enabled, Claude can execute any command without confirmation.

## Authentication
Confidence
89% confidence
Finding
without confirmation

Session Persistence

Medium
Category
Rogue Agent
Content
```
/bullybuddy status          - Server status & session summary
/bullybuddy list            - List all sessions
/bullybuddy spawn [cwd] [task] [group] - Create new session
/bullybuddy send <id> <text> - Send input to session
/bullybuddy output <id> [lines] - Show session output/transcript
/bullybuddy kill <id>       - Terminate session
```
Confidence
90% confidence
Finding
Create new session /bullybuddy send <id> <text> - Send input to session /bullybuddy output <id> [lines] - Show session output/transcript /bullybuddy kill <id> - Terminate session /bullybuddy url

Session Persistence

Medium
Category
Rogue Agent
Content
## Remote Access

Start the server with `--tunnel` to create a Cloudflare temporary URL automatically:

```bash
bullybuddy server --tunnel
```
Confidence
96% confidence
Finding
create a Cloudflare temporary URL automatically: ```bash bullybuddy server --tunnel ``` The tunnel URL is printed on startup and saved to `~/.bullybuddy

VirusTotal

66/66 vendors flagged this skill as clean.
