ClawHub

Agent Desapetc 999

Security checks across malware telemetry and agentic risk

Overview

This identity skill is purpose-aligned, but it asks the agent to hold long-lived private keys with weak default storage and risky import/linking flows that users should review carefully.

Install only if you want this agent to maintain a persistent Billions identity key. Configure BILLIONS_NETWORK_MASTER_KMS_KEY before creating or importing an identity, avoid passing private keys with --key on shared or logged systems, and approve signing or linking only when you understand who requested it and where the resulting wallet verification flow will go.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to pass a raw private key via a command-line argument, which commonly exposes secrets through shell history, process listings, audit logs, and telemetry. In an identity-management skill, this context makes the issue more dangerous because compromise of the private key directly enables identity takeover, fraudulent signatures, and persistent impersonation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code sends the full authorization request object to an external URL shortener service, and that request includes authentication scope data derived from a signed challenge and recipient identity context. Even if this is intended for usability, it unnecessarily discloses sensitive verification metadata to a third party and creates a dependency where tampering, logging, or correlation by the shortener could affect identity-linking flows.

Missing User Warnings

High
Confidence
98% confidence
Finding
This code explicitly falls back to storing private keys in plaintext on disk when no master key is configured. That creates a direct secret-at-rest exposure: any local compromise, backup leak, accidental file disclosure, container/image snapshot, or overly broad filesystem permission can immediately reveal long-lived private keys and enable account or identity takeover. In an agent identity skill, those keys are especially sensitive because they underpin authentication and attestation operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal