Shared Memory between Lobsters

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Ensue shared-memory management, but it can silently reuse local Ensue credentials and make high-impact permission or deletion changes without built-in confirmation.

Review before installing. Use it only if you intend this agent to manage Ensue sharing permissions, set ENSUE_API_KEY explicitly if possible, avoid exposing the raw key during troubleshooting, and require clear user confirmation before deletes, org-wide grants, broad namespace patterns, or write/delete permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script searches multiple unrelated local plugin and application paths for an Ensue API key and silently reuses any credential it finds. This is dangerous because it expands the skill's access beyond its declared inputs, enabling unauthorized credential harvesting and use of another tool's secrets to perform network actions against the shared-memory service.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation exposes destructive commands such as `delete-user` and `delete-group` without any warning about irreversible effects, verification steps, or confirmation prompts. In an agent setting, this increases the chance of accidental destructive actions against identity and sharing configuration, potentially disrupting access or causing data loss through orphaned permissions/workflows.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script performs destructive and privilege-changing operations such as deleting users/groups, adding members, granting access, and revoking permissions immediately based on arguments, with no confirmation prompt, dry-run mode, or warning. In an agent-driven context, this increases the chance of accidental privilege escalation, data exposure, or irreversible administrative changes from mistaken or manipulated inputs.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script reads a sensitive API credential from local files and then transmits it in an Authorization header to a remote service without any user-facing notice that a discovered local secret will be used. This is dangerous because users or higher-level agents may believe only provided inputs are used, while the script silently escalates capability by harvesting and exporting credentials to perform remote operations.

VirusTotal

65/65 vendors flagged this skill as clean.
