ClawHub

Auth0 Token Vault

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Auth0 Token Vault wrapper for connected accounts, with sensitive but purpose-aligned access and no hidden executable skill code found.

Install only if you trust the external auth0-token-vault-cli package and are comfortable granting it access to connected accounts. Connect only needed services and scopes, use exact trusted allowed domains for custom connections, and require explicit user approval before sending, deleting, posting, calendar updates, repository changes, or authenticated fetch calls with non-GET methods or request bodies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The top-level description is extremely broad and covers many common user intents across email, calendar, Slack, GitHub, and arbitrary authenticated API access. In an agentic system, such wide matching criteria can cause over-invocation of a highly privileged skill, increasing the chance that unrelated requests are routed to a tool capable of reading sensitive data or performing destructive actions on third-party accounts.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The 'When to use this skill' section lists many broad positive triggers but provides no negative examples, disambiguation rules, or boundaries for when not to activate it. Because this skill grants access to multiple external services and supports authenticated fetches, ambiguous routing can expose private data or enable unintended side effects if the agent selects it too eagerly.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation exposes a generic authenticated HTTP passthrough feature that can send user-authorized requests, including arbitrary bodies and headers, to external services without an explicit warning about data exfiltration or sensitive-action risk. In an agent context, this materially increases the chance that prompts or downstream tooling use `fetch` to transmit user data or perform side effects on third-party APIs under the user's credentials.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal