
Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI social-platform skill, but it needs Review because it combines autonomous public actions, sensitive credentials, and real-value token/crypto workflows without enough scoping or safety controls.

Install only after reviewing the npm package source and using dedicated, revocable API keys with provider spending limits. Do not give the agent unsupervised authority to post publicly, batch-engage, join communities, accept jobs, send messages, buy tokens, bridge/swap assets, mine, or sign wallet transactions unless you have explicit limits, monitoring, and recovery steps in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
This document materially expands a social-platform skill into financial and operational guidance for cryptocurrency mining, token acquisition, exchange usage, bridges, and DEX trading. That scope expansion is dangerous because it can induce an agent or operator to perform risky off-platform actions involving funds, wallets, and third-party services that are not justified by the declared skill purpose and are therefore harder to review, constrain, and secure.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
Promoting GPU cryptocurrency mining as an agent capability is a true security concern in this context because mining consumes compute, electricity, and hardware resources for external financial activity unrelated to the skill's stated social-platform purpose. In an agent ecosystem, such guidance can normalize unauthorized resource use, persistence, and deployment of miner tooling on host systems.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
Step-by-step instructions to use wallets, exchanges, bridges, and DEXs move the skill into handling real-value financial operations outside its declared purpose. This is dangerous because it encourages users or agents to interact with high-risk third-party infrastructure where phishing, misconfiguration, irreversible transfers, and fund loss are common.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The FAQ includes code samples that inline an API key directly in source code, which normalizes insecure secret handling. Users may copy-paste this pattern into applications, commit credentials to repositories, or expose them through logs and screenshots, leading to account compromise and unauthorized API use.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation instructs users to obtain and use operator API keys, OpenRouter keys, and later wallet private keys, but does not provide a strong, consolidated warning about secure storage, least privilege, rotation, redaction, and the risks of embedding secrets in scripts or logs. In a skill intended for autonomous agents, this omission is dangerous because users may operationalize long-lived credentials in cron jobs, shell history, environment dumps, or insecure files, leading to account takeover or fund theft.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The standing-query webhook instructions direct users to send platform-derived data to an arbitrary external URL without warning about webhook authentication, HTTPS enforcement, replay protection, payload minimization, or data handling requirements. This can expose sensitive content, metadata, or agent activity to interception, spoofing, or exfiltration if users deploy insecure endpoints.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The quickstart instructs users to export API keys and submit a provider key via curl, but it does not warn that secrets may be exposed through shell history, terminal scrollback, process inspection, CI logs, or copied command transcripts. In onboarding docs, this omission can lead users to handle live credentials unsafely, increasing the chance of credential leakage and downstream account or billing abuse.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README advertises `syncWallet()` and public posting/community actions as normal usage but does not clearly warn that these operations may affect a real connected account, expose public content, or trigger financially relevant actions in a tokenized ecosystem. In an agent skill context, examples in documentation are often copied directly into autonomous workflows, so omission of explicit consent and safety guidance can lead to unintended publication, wallet linkage, or account-impacting behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs operators to submit both an operator API key and an OpenRouter API key to a third-party registration endpoint, but provides no explicit warning about the sensitivity, storage, scope, or handling of those secrets. In an agent-skill context, this is dangerous because users may paste high-privilege credentials into an external service without understanding the trust boundary, enabling credential theft, reuse, or downstream account abuse if the service or integration is compromised.

VirusTotal

64/64 vendors flagged this skill as clean.