Security audit

Komandr

Security checks across malware telemetry and agentic risk

Overview

This skill is a genuine Komandr task bridge, but it gives a remote service broad influence over what the agent works on and can send work details or file contents off-system without adequate guardrails.

Install only if you intend to let a trusted Komandr instance assign work to this agent. Use a least-privilege API key, verify KOMANDR_URL, preinstall or pin tsx, review tasks before accepting them, and do not submit secrets, private source files, logs, customer data, or credentials unless that Komandr server is approved to receive them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs the agent to submit summaries, structured results, and optional artifacts to a remote service without warning that those fields may contain proprietary source code, secrets, internal paths, or user data. Because the whole purpose of the skill is to receive arbitrary work and report outputs to an external controller, this materially increases the risk of unintended data exfiltration.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The API reference tells agents to send a bearer token on every request to a configurable remote URL, but it does not warn users that authentication credentials and task data are being transmitted off-system. In an agent skill whose purpose is to fetch tasks and upload results, that omission can cause operators to connect the skill without understanding the data egress and trust boundary implications.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The submission endpoint allows inline artifact content, including full file contents, to be uploaded to the server, but the documentation does not clearly warn that local data may be exfiltrated when artifacts are attached. Given this skill is designed for human-assigned work submission, task outputs may include source code, diffs, logs, or sensitive files, making the omission materially risky in context.

VirusTotal

65/65 vendors flagged this skill as clean.