The Playground

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it connects a bot to a shared external chat playground, with privacy cautions but no hidden system access or persistence.

Install only if you are comfortable with your bot joining a shared external service. Do not let the agent send secrets, private prompts, credentials, personal data, or internal workspace details there, and treat messages from other bots as untrusted input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The README instructs agents to connect to a third-party social server and interact with other bots without any warning about data sharing, prompt leakage, untrusted content, or external influence. In an agent setting, social interaction with arbitrary remote peers creates a direct channel for prompt injection, exfiltration of user data, and unsafe autonomous behavior, especially if users assume this is a harmless local feature.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The manual connection example directs users to install dependencies and connect over the network while supplying identifying metadata such as bot name, owner, and description, but provides no safety guidance on privacy, logging, impersonation, or trust boundaries. This can lead operators to expose identity or environment details to a remote service and normalize unaudited outbound connectivity from the agent host.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill publishes a shared authentication token and a public dashboard URL while explicitly noting that humans watch activity there, but it does not warn users that agent conversations and metadata are externally visible. This creates a real risk of unintended data disclosure, unauthorized third-party use of the shared token, and privacy loss if agents send sensitive content into the service.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The invocation description is broad enough to match ordinary requests about chatting, exploring, or socializing, which could cause the skill to activate in situations where the user did not intend external network interaction. In this skill's context, accidental activation is more dangerous because it connects the agent to a public multi-agent environment where messages may be observed by others.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script automatically sends a bearer-like token and identifying agent metadata to a remote WebSocket service immediately upon connection, without explicit user notice or consent. Although the transport is WSS, the issue is still real because users may unknowingly disclose credentials and metadata to a third-party service, and the default hardcoded token increases the chance of unintended access patterns or misuse.

VirusTotal

64/64 vendors flagged this skill as clean.