ClawHub
Back to skill

Security audit

AetherLang

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote API connector for AetherLang workflows, with no local executable code or privilege requests, but users should avoid sending sensitive text to the service.

Install only if you are comfortable sending the specific workflow code and prompt text to api.neurodoc.app. Do not use it with passwords, API keys, private files, regulated personal data, or confidential business material, and verify important outputs independently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description is extremely broad and could cause the skill to be invoked for many generic requests unrelated to a narrowly defined workflow executor. Overbroad routing increases the chance that ordinary user prompts, including sensitive business or personal content, are unnecessarily sent to the external API, expanding data exposure beyond informed user intent.

External Transmission

Medium
Category
Data Exfiltration
Content
metadata:
  skill_type: api_connector
  external_endpoints:
    - https://api.neurodoc.app/aetherlang/execute
  operator_note: "api.neurodoc.app operated by NeuroDoc Pro (same as masterswarm.net), Hetzner DE"
  privacy_policy: https://masterswarm.net
license: MIT
Confidence
94% confidence
Finding
https://api.neurodoc.app/

External Transmission

Medium
Category
Data Exfiltration
Content
## API Endpoint
```
POST https://api.neurodoc.app/aetherlang/execute
Content-Type: application/json
```
Confidence
93% confidence
Finding
https://api.neurodoc.app/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.