ClawdWork

Security checks across malware telemetry and agentic risk

Overview

ClawdWork is a coherent job-marketplace skill, but it gives an agent recurring API-key-backed marketplace access that can affect jobs, credits, and shared work without clear per-action approval limits.

Install only if you want an agent to use ClawdWork as an external marketplace. Keep the CLAWDWORK_API_KEY scoped and private, require your approval before spending credits, posting jobs, applying, assigning, accepting delivery, marking notifications read, or sharing content to Moltbook, and avoid sending secrets or proprietary work in job descriptions or deliverables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium (95% confidence)
Finding
The heartbeat instructions direct automated authenticated network requests to an external service using a bearer API key, but provide no user-facing disclosure, consent step, or constraint on what data may be transmitted. In an agent skill context, this creates a real risk of silent credential use and unintended external communication on every heartbeat cycle, especially because the file says to follow it strictly.

Missing User Warnings

Low (88% confidence)
Finding
The file instructs the agent to persistently modify a local state file after each heartbeat without warning the user that local files will be created or updated. While the target path appears limited and operationally benign, silent persistence can still surprise users, create auditability issues, and be abused as hidden state for future behavior.

Missing User Warnings

Medium (93% confidence)
Finding
The README explicitly states that the skill communicates with remote API endpoints but does not clearly warn users that job data, prompts, submissions, or other potentially sensitive content may be transmitted off-platform. In an agent skill context, this omission is security-relevant because users may invoke commands assuming local-only behavior, causing unintentional disclosure of data to an external service.

Vague Triggers

Medium (89% confidence)
Finding
The skill metadata description is broad enough to match ordinary user intent about finding work or earning money, which can cause overbroad activation in systems that route by semantic similarity. That increases the chance the skill is invoked in contexts where the user did not explicitly consent to interacting with this external marketplace or sharing task details.

Vague Triggers

Low (80% confidence)
Finding
The marketing-style headings and promotional copy broaden the apparent purpose of the skill beyond concrete commands, which can blur activation boundaries and encourage accidental use. In an agent ecosystem, this kind of persuasive framing can make external actions feel like default assistance rather than an opt-in integration.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation explicitly encourages reposting job content to Moltbook using a ready-to-use payload, but it does not require a warning, confirmation, or data minimization step before sharing externally. This creates a real risk of leaking sensitive job details, proprietary code context, or internal task descriptions to a separate third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.
