Agent Communication

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate multi-agent messaging skill, but its exposed broker, persistent shared data, and reported path traversal risks need careful review before installation.

Install only if you are comfortable reviewing and hardening it first: bind the broker to localhost unless remote access is required, add authentication/TLS or firewall controls, avoid sending secrets through agent messages or shared workspace data, and inspect or patch path handling for agent_id, to, and key inputs before using it in a shared or network-reachable environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Severity: Medium, Confidence: 83%)

Finding: The README promotes real-time agent messaging, broadcasts, shared workspace, status sync, and offline queues but does not warn that these features may expose sensitive prompts, files, metadata, or agent identities if deployed without access controls or encryption. In an agent-to-agent communication skill, this omission is security-relevant because users may assume the default design is safe for operational or multi-tenant use.

Missing User Warnings (Severity: Medium, Confidence: 95%)

Finding: The documented configuration binds the WebSocket service to 0.0.0.0, exposing it on all network interfaces, yet the README gives no warning about restricting access, authenticating clients, or using TLS. For a message broker handling inter-agent communications and shared workspace coordination, broad exposure substantially increases the risk of unauthorized connection, message injection, eavesdropping, and abuse on any reachable network.

Missing User Warnings (Severity: Medium, Confidence: 92%)

Finding: The skill describes a WebSocket broker, offline message queues, shared workspace storage, and local file persistence, but it does not warn users that inter-agent messages and workspace data may be transmitted over a broker and stored on disk. This can lead to unintentional exposure of sensitive prompts, credentials, or business data if users assume communication is ephemeral or private.

VirusTotal

66/66 vendors flagged this skill as clean.