Ryot

Security checks across malware telemetry and agentic risk

Overview

This Ryot skill is a disclosed media-tracker integration with expected API-token use, account updates, and optional scheduled WhatsApp reports.

Install only if you are comfortable giving the skill a Ryot API token and letting it update your tracker data. Protect `/home/node/clawd/config/ryot.json`, confirm media IDs and episode ranges before bulk updates, and run the automation setup only if you want recurring reports sent to the WhatsApp number you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The quick-start setup introduces WhatsApp delivery and scheduled automation, which are broader capabilities than simple media tracking and are not clearly justified or bounded in the skill description. This expands the operational and data-exfiltration surface by enabling notifications through an external messaging channel and persistence via scheduled tasks.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The documentation instructs the agent to ask for a user's API token and create a local config file containing secrets. Storing credentials on disk via agent-driven setup increases secret-handling risk, especially if file permissions, lifecycle, and disclosure boundaries are not specified.

Vague Triggers

Medium
Confidence: 76%
Finding
The guidance to use a specific script 'for all Ryot operations' is broad and does not define when the skill should or should not be invoked. Overly broad invocation boundaries can cause unnecessary execution, unintended network calls, or the use of privileged operations without sufficient user intent verification.

Missing User Warnings

Medium
Confidence: 82%
Finding
The automated setup section encourages execution of a setup script that creates scheduled tasks and configures message delivery without prominently warning about system changes, persistence, or data-sharing consequences. This can lead users or agents to make lasting environmental modifications they did not fully authorize or understand.

VirusTotal

66/66 vendors flagged this skill as clean.
