AgentID MCP

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for AgentID, but it asks the agent to automatically send detailed task activity and store shared persistent memory without clear privacy limits or user confirmation.

Install only if you are comfortable with AgentID receiving detailed task updates, stored memory, and mission or handoff state. Use a separate identity per project, avoid confidential work unless the service's access controls and retention are acceptable, redact sensitive task details, and require user confirmation before storing personal or secret information or acting on remote handoffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to send task activity to a live external dashboard but does not include any privacy notice, consent requirement, or data-minimization guidance. Because the protocol explicitly says to include what the user asked and specific task details, this can expose sensitive prompts, project information, or personal data to a third-party service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The memory guidance encourages storing persistent facts about the project or user, including examples like user timezone, without any restrictions on sensitive data, retention period, or consent. Persistent cross-session storage of user attributes increases privacy risk and can lead to unnecessary collection of personal or confidential information.

Ssd 3

Medium
Confidence: 98%
Finding
This line instructs the agent to report the user's request detail verbatim to an external activity system at session start. User requests often contain confidential business data, credentials, debugging artifacts, or personal information, so automatic exfiltration of the full request to a third party is a concrete data-disclosure risk.

Ssd 3

Medium
Confidence: 96%
Finding
The activity-reporting guidance tells agents to provide specific details about what they changed or are doing, and states that this appears in a live dashboard. In practice, this can disclose source changes, architecture details, incident context, or user data to an external service without minimization or sensitivity checks.

Ssd 3

Medium
Confidence: 95%
Finding
The skill explicitly instructs storing persistent facts about the user, but provides no privacy boundaries, consent model, or limitations on data categories. In the context of a shared-memory coordination service, this makes unauthorized retention and later retrieval of personal or sensitive information more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.