Security audit

Agentype

Security checks across malware telemetry and agentic risk

Overview

Agentype is a disclosed local analytics skill that reads AI-agent usage metadata and writes local summary outputs for that same purpose.

Install or run this only if you are comfortable letting Agentype inspect local AI-agent usage metadata such as projects, agents, models, token counts, and usage rhythm. Prefer a trusted local install or verify the agentype-cli package before using the uvx fallback, and review generated files before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly instructs the agent to modify a local file (`output/agentype.json`) by writing inferred persona fields back into it, but it does not require notifying the user or obtaining consent for that file modification. Even though the write appears limited to a generated output file, silent local file mutation is a risky pattern because users may not expect analysis steps to alter files or overwrite prior results.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs the agent to run local commands that collect usage history and token metadata from multiple agent tools, which can expose sensitive local behavioral data. Because the instructions do not require a clear warning or consent step before accessing these local histories, the agent may read privacy-sensitive data sources without the user's informed awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.