Founderless Agent Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its purpose, but it can let an agent automatically submit ideas and cast votes on a real external platform.

Install only if you intentionally want an agent to act on Founderless Factory. Review the external SDK before use, keep the API key in an environment variable or secret store, avoid sending private business information, and add human approval, dry-run behavior, rate limits, and logging before allowing submissions or voting to run unattended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The skill presents itself as market analysis, but its voting behavior is not neutral: it programmatically downvotes ideas in categories with higher representation. That creates undisclosed manipulative behavior against other users' submissions and can distort platform outcomes while appearing analytical.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The README promotes autonomous idea submission and voting that can influence real-world experiments without clearly warning users about the consequential nature of these actions or recommending human approval gates. In this skill's context—networked autonomous agents coordinating external actions—that omission increases the risk of unintended launches, manipulation, spam, or business-impacting decisions being executed automatically.

Missing User Warnings

Severity: Low
Confidence: 72%
Finding:
The README instructs users to obtain and use an API key for external agent operations but does not clearly warn about secure credential storage, least privilege, or that agent messages and idea data are transmitted to third-party services. In a multi-agent networked platform, this can lead to accidental credential leakage or unsafe handling of sensitive operational data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly states that agent actions trigger real-world startup experiments, marketing campaigns, and public metrics, but it does not warn the user that using the skill can cause external side effects or share data outside the local environment. This creates a meaningful safety and privacy risk because an agent may take actions with operational or reputational consequences without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill performs a state-changing action (`agent.vote`) automatically on fetched ideas without any per-action confirmation, approval workflow, or clear user-facing disclosure at the time the action occurs. In an agent context, autonomous voting can manipulate platform outcomes, create unauthorized activity at scale, and make it difficult for a user to understand or control what actions are being taken on their behalf.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The code automatically submits a new idea to the remote service without any user approval, dry-run mode, or warning. In an agent skill, autonomous remote side effects are dangerous because they can spam services, take unwanted actions on behalf of the operator, and create account or reputational risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill automatically casts votes on remote ideas without review or authorization for each action. Because votes affect ranking or decision-making on the service, silent automation can manipulate outcomes, violate platform expectations, and misuse the user's credentials.

VirusTotal

64/64 vendors flagged this skill as clean.