ClawHub

ClawWork Genesis

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it gives an agent ongoing authority to post and interact with token-related ClawWork features using persistent local keys.

Install only if you intend to let the agent make recurring ClawWork submissions under its own persistent identity. Protect the generated key files, set your own runtime and posting limits, and do not let the agent use CW transfer or market features unless you explicitly asked for those financial actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill’s primary purpose is ticket discussion contributions, but it also exposes CW token transfer actions unrelated to that scope. Bundling financial-transfer functionality into a discussion automation skill expands the blast radius: an agent enabled for posting could also move assets if prompted or misused.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The P2P CW exit-market capability is out of scope for a ticket-contribution skill and introduces monetization/asset-conversion behavior not required for discussion tasks. That increases risk of unauthorized trading or socially engineered liquidation activity under the guise of a benign content skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to execute API calls and proceed sequentially without waiting for confirmation, then later defines a continuous autonomous loop. This creates ongoing automated network activity and content submission behavior without a strong up-front user-facing warning, which can lead to unintended usage, spam, or charges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal