Aetherlang Karpathy Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote API connector, but it includes server-side persistent memory and broad URL-fetching behavior without enough documented containment.

Install only if you are comfortable sending queries and flow definitions to NeuroDoc's hosted API. Do not send secrets, private documents, credentials, internal URLs, or sensitive personal data. Avoid the memory node for anything private unless the provider documents retention and isolation controls, and manually review any tool URL before running a flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation asserts that the agent will request confirmation before calling non-example tool URLs, but the skill contains no implementation or enforceable control for such approval. This creates a misleading safety guarantee that could cause users or orchestrators to trust unverified outbound requests, enabling unintended SSRF-like fetches, privacy leaks, or access to sensitive internal endpoints if the backend honors arbitrary URLs.

External Transmission

Medium
Category
Data Exfiltration
Content
## Request Format

```bash
curl -s -X POST https://api.neurodoc.app/aetherlang/execute \
  -H "Content-Type: application/json" \
  -d '{
    "code": "flow FlowName {\n  input text query;\n  node X: <type> <params>;\n  query -> X;\n  output text result from X;\n}",
Confidence
89% confidence
Finding
curl -s -X POST https://api.neurodoc.app/aetherlang/execute \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
skill_type: api_connector
  operator_note: "AetherLang Omega is operated by NeuroDoc Pro (masterswarm.net), hosted on Hetzner EU. Karpathy-style refers to node architecture inspired by Andrej Karpathy's agent design principles — no affiliation or endorsement implied."
  external_endpoints:
    - https://api.neurodoc.app/aetherlang/execute
  domains_not_recommended:
    - medical advice
    - legal advice
Confidence
87% confidence
Finding
https://api.neurodoc.app/

External Transmission

Medium
Category
Data Exfiltration
Content
## API Endpoint

**URL**: `https://api.neurodoc.app/aetherlang/execute`
**Method**: POST
**Headers**: `Content-Type: application/json`
**Auth**: None required (public API)
Confidence
88% confidence
Finding
https://api.neurodoc.app/

External Transmission

Medium
Category
Data Exfiltration
Content
## Request Format

```bash
curl -s -X POST https://api.neurodoc.app/aetherlang/execute \
  -H "Content-Type: application/json" \
  -d '{
    "code": "flow FlowName {\n  input text query;\n  node X: <type> <params>;\n  query -> X;\n  output text result from X;\n}",
Confidence
89% confidence
Finding
https://api.neurodoc.app/

External Transmission

Medium
Category
Data Exfiltration
Content
> calling any URL not in the examples below.

```
node T: tool url=https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd method=GET;
```

### 8. loop — Iterative Execution
Confidence
84% confidence
Finding
https://api.coingecko.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```
flow CryptoAnalysis {
  input text query;
  node T: tool url=https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd method=GET;
  node X: transform mode=llm instruction=Summarize_price;
  node A: llm model=gpt-4o-mini;
  query -> T -> X -> A;
Confidence
80% confidence
Finding
https://api.coingecko.com/

External Transmission

Medium
Category
Data Exfiltration
Content
flow ParallelFetch {
  input text query;
  node P: parallel targets=A|B|C;
  node A: tool url=https://api.coingecko.com/api/v3/ping method=GET;
  node B: tool url=https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd method=GET;
  node C: tool url=https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd method=GET;
  query -> P;
Confidence
80% confidence
Finding
https://api.coingecko.com/

External Transmission

Medium
Category
Data Exfiltration
Content
input text query;
  node P: parallel targets=A|B|C;
  node A: tool url=https://api.coingecko.com/api/v3/ping method=GET;
  node B: tool url=https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd method=GET;
  node C: tool url=https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd method=GET;
  query -> P;
  output text result from P;
Confidence
80% confidence
Finding
https://api.coingecko.com/

External Transmission

Medium
Category
Data Exfiltration
Content
node P: parallel targets=A|B|C;
  node A: tool url=https://api.coingecko.com/api/v3/ping method=GET;
  node B: tool url=https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd method=GET;
  node C: tool url=https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd method=GET;
  query -> P;
  output text result from P;
}
Confidence
80% confidence
Finding
https://api.coingecko.com/

VirusTotal

64/64 vendors flagged this skill as clean.
