ClawHub

Autoglm Open Link

Security checks across malware telemetry and agentic risk

Overview

This skill performs its stated web-retrieval function, but it automatically uses a local bearer token and sends user targets to an external API without enough scoping or user-control detail.

Install only if you trust AutoGLM and the local token service on your machine. Treat search terms and submitted URLs as data sent to a third party, avoid private/internal targets, and confirm the bearer token is intended only for this API and scoped narrowly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that the skill automatically fetches a bearer token from http://127.0.0.1:53699/get_token and sends requests to a remote API, but provides no warning, consent flow, or scope limitation. Accessing localhost services is especially sensitive because it can interact with software running on the user's machine and may expose credentials or privileged local data unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill documentation exposes a hard-coded signing secret used to generate request signatures. Publishing embedded secrets in skill documentation or code enables unauthorized reuse, forgery of signed requests, and undermines any trust placed in the signing mechanism.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends a user-supplied URL plus an authorization token to an external service, but it provides no explicit user-facing disclosure, consent prompt, or restriction on what URLs may be submitted. In this skill context, the whole purpose is remote page retrieval, so the behavior is expected, but the lack of transparency and validation still creates a real data-disclosure and misuse risk if users pass sensitive internal or private URLs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal