agent-link-local-agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent relay-based agent messaging skill, but it needs review because its examples and implementation understate important transport, relay-trust, and inbound-message verification risks.

Review before installing. Use only with a relay you trust, prefer wss:// with valid TLS certificates, keep the shared secret out of version control, avoid sending sensitive content unless you add end-to-end encryption, and review any message handlers carefully because incoming relay messages may trigger local agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README describes privacy protections in a way that can understate a key risk: message contents traverse a relay server and are exposed to network observers or relay operators unless transport encryption is enforced. Saying WSS is only 'recommended' may lead deployers to use plaintext WebSocket and assume HMAC alone provides confidentiality, which it does not.

Missing User Warnings

Medium
Confidence: 97%
Finding
The configuration example uses ws://, which encourages insecure deployment over plaintext transport. In this skill's context—cross-device agent-to-agent messaging that may carry user or system data—an attacker on the network path could read traffic, correlate agents/instances, and potentially replay or interfere with sessions despite message signing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill promotes sending agent messages, identifiers, and shared-secret-based traffic through a relay server, but it does not clearly foreground that this data leaves the local machine and may be exposed to a third-party-hosted server. This can mislead users about confidentiality boundaries, especially because examples use insecure ws:// URLs and shared secrets, increasing the risk of interception, metadata leakage, or misuse by the relay operator.

VirusTotal

59/59 vendors flagged this skill as clean.
