Epstein Detective

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for a hosted investigation workflow, but it asks the agent to register with an external service, retain one-time credentials, and link a public social account without enough user-facing privacy and control guidance.

Review this skill before installing. Only use it if you are comfortable registering a bot with goyfiles.com, handling an agent API key and identity token, and potentially making a public social-media verification post that links your account to the bot. Keep credentials out of logs and persistent notes, use read-only tools unless you explicitly want to write files, and confirm any markdown overwrite or append action before allowing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill explicitly instructs the agent to save and later use a one-time `agent_api_key` and `identityToken`, but provides no constraints on secure storage, redaction, lifespan handling, or user notification. In an agent setting, that can lead to secrets being logged, echoed back to users, stored in conversation memory, or reused outside the intended session.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The skill directs the bot to have the human post an exact public verification phrase and share a tweet URL, while also performing authenticated requests to a third-party service, but it never warns about public disclosure or the privacy implications of linking a human account to a bot identity. This creates a risk of unintended identity exposure and data sharing without informed consent.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill explicitly documents a persistent write capability via `write_markdown_file` but provides no warning, constraint guidance, or confirmation requirement around modifying stored notes. In an agent setting, this increases the risk of unintended data tampering, prompt-injection-driven persistence, or silent overwrite/append actions that can corrupt evidence, notes, or downstream workflow state.

External Transmission

Medium
Category: Data Exfiltration
Content:
### Step A - Register bot

```bash
curl -sS -X POST "https://goyfiles.com/api/chatbot/bot-auth/register" \
  -H "Content-Type: application/json" \
  -d '{"name":"MyAgent"}'
```
Confidence: 80%
Finding:
```bash
curl -sS -X POST "https://goyfiles.com/api/chatbot/bot-auth/register" \
  -H "Content-Type: application/json" \
  -d '{"name":"MyAgent"}'
```
Save:
- `bot_id`
- `agent_api_key` (returned once)
- `cla

VirusTotal

66/66 vendors flagged this skill as clean.
