ClawHub

Kkclaw Server

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like the headless gateway client it claims to be, but users should configure the gateway and persistence carefully.

Install this only on a machine where you want a long-running gateway-connected service. Use a dedicated low-privilege API key, prefer HTTPS for any non-local gateway, trust the gateway operator with message contents and runtime telemetry, and enable the systemd service only if you want persistent background operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The heartbeat sends detailed runtime telemetry, including process memory usage and uptime, to the configured gateway on every interval without any consent flow, minimization, or indication to the user. In this skill context, the gateway URL is configurable and defaults to plain HTTP, so operational metadata may be exposed to an untrusted or intercepted endpoint and can aid host fingerprinting or surveillance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Queued message content is transmitted to the gateway via /api/message with no validation of destination trust, no disclosure, and no additional protection for potentially sensitive message contents. In this server skill, message forwarding is core functionality, but the risk is elevated because all queued content is automatically retried and sent to a configurable remote endpoint, potentially over insecure HTTP.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal