Fleet Communication System

Security checks across malware telemetry and agentic risk

Overview

This skill matches its fleet-messaging purpose, but its message bus is exposed without authentication, so agent messages can leak or be tampered with by others.

Install only if you can restrict port 18800 to trusted machines, preferably on a private network with firewall rules. Do not send secrets, credentials, or sensitive task content through this bus, and treat all received fleet messages as untrusted until authentication, authorization, safer CORS, output escaping, and retention controls are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill documentation explicitly describes a lightweight HTTP message bus and even lists the default bus URL as plain HTTP, but it does not warn users that messages may be sent unencrypted and could expose task content, coordination details, or node identifiers to anyone with network visibility or access to the bus. In a multi-machine fleet context over a Tailscale network this may be somewhat mitigated by the private overlay, but the absence of a warning is still security-relevant because users may incorrectly assume the channel is protected end-to-end.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The server exposes message and node data over unauthenticated HTTP endpoints, including /all, /nodes, /status, and /messages, and binds to 0.0.0.0 with permissive CORS. This allows any reachable client—and potentially any website running in a user's browser—to read or submit fleet messages, enabling information disclosure, spoofing, and tampering of the communication bus.

VirusTotal

66/66 vendors flagged this skill as clean.
