ClawHub

DiaryBeast App

Security checks across malware telemetry and agentic risk

Overview

DiaryBeast is a coherent external pet and diary app skill, but users should handle wallet authentication, saved session tokens, and public diary sharing carefully.

Install only if you are comfortable using DiaryBeast's external dapp with a wallet-linked identity. Use a low-risk or test wallet, never provide private keys, review magic links before opening them, avoid secrets or personal information in diary text, feedback, and Wall posts, and delete the saved token from the skill workspace when you are done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The manifest requests the highly sensitive exec tool even though the skill metadata only describes a virtual pet/diary blockchain experience and does not present a legitimate command-execution need. Unnecessary shell access expands the skill's attack surface substantially: if later prompts or skill logic route untrusted input into exec, the agent environment could be used for arbitrary command execution, data access, or staging further compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs storing a bearer token on disk in a predictable path without any warning about credential persistence, file permissions, or cleanup. A local process, another skill, or a later session with filesystem access could read the token and hijack the authenticated session for the 24-hour lifetime.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells the agent to open an authenticated magic link in a browser, but does not warn that this launches an external session tied to the user account. Opening such links can expose session state to the browser environment, extensions, history, screenshots, or unintended interaction flows outside the controlled CLI context.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The feedback flow sends wallet address and free-form experience text to a remote endpoint without clearly warning that identifiable account-linked data is being transmitted. Users may disclose sensitive thoughts or operational details believing this is routine feedback, while the wallet address makes the submission attributable.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions encourage adding public excerpts and tags to diary submissions, but do not clearly foreground that this content will be published publicly on The Wall. In a diary context, users may reasonably assume privacy and accidentally disclose sensitive or identifying information to a public feed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal