ClawHub

LLMs-Conclave

Security checks across malware telemetry and agentic risk

Overview

This is a real external AI-debate integration, but it asks agents to remember an overly broad trigger and collect a bearer API key without clear secret-handling limits.

Review before installing. Use this only when you explicitly want to send a topic to llmconclave.com and spend credits. Do not accept the broad long-term memory trigger as written; require confirmation before each debate, including model choice, credit cost, language, and external sharing. Provide the API key only through a secure secret mechanism if available, do not store it in long-term memory or logs, and rotate it if it was pasted into ordinary chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill tells the agent to save a very broad activation trigger for requests to research, analyze, debate, or investigate any topic. That scope overlaps with many normal user tasks and can cause the skill to activate without clear user intent, leading to unintended third-party data disclosure and paid API usage. In this context, the danger is increased because the skill immediately routes user prompts to a remote service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is designed to transmit user-supplied topics and questions to a remote API, but its description does not prominently warn that user content will leave the local agent environment. Users may reasonably assume a local research workflow and unknowingly expose sensitive business, personal, or regulated information. Because the skill is positioned as a general research tool, this omission makes accidental disclosure more likely.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The debate request defaults the locale to zh-CN unless the caller overrides it, which can produce outputs in a language the user did not request. While not a direct security exploit, it can mislead users, impair review of model output, and increase the chance that sensitive or important conclusions are misunderstood. The risk is contextual and lower than the transmission issues, but still a real safety/usability problem.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to ask the owner to share an API key and combines that with a memory-backed workflow elsewhere in the document. This creates a meaningful risk that a sensitive credential may be retained in agent memory, logs, or other persistent state beyond the immediate session. In a skill that performs paid external requests, credential retention can lead to account abuse and billing loss if the key is later exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal