IdleClaw

Security checks across malware telemetry and agentic risk

Overview

IdleClaw does what it claims: it connects Ollama to a community inference network. This carries meaningful privacy and resource-use risks, which are mostly disclosed and user-initiated.

Install only if you are comfortable with community inference. Do not send secrets, credentials, proprietary code, regulated data, or personal information through consume mode. In contribute mode, use a trusted or self-hosted IDLECLAW_SERVER if possible, monitor CPU/GPU and memory use, and stop the script when you no longer want to share local Ollama capacity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill uses environment variables and network access (`IDLECLAW_SERVER`, `OLLAMA_HOST`, outbound HTTP/WebSocket communication) but does not declare corresponding permissions. This creates a transparency and trust problem: users may run a skill that can communicate off-host and consume local service data without an explicit permission prompt or review surface. In this context, the skill is specifically designed to expose local Ollama inference to a community network, which increases the sensitivity of undeclared network capabilities.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends the user's prompt directly to a remote IdleClaw server for inference, but it does not clearly warn the user that prompt contents may leave the local machine and be processed by community-operated infrastructure. This creates a real confidentiality risk if users include secrets, proprietary code, or sensitive personal data in prompts, especially given the skill's stated purpose of using community inference.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This node registers with a community server and accepts remote inference requests, then forwards the provided prompts/messages to the local Ollama instance without any explicit consent prompt or prominent warning that third-party prompt content will be processed on the user's machine. In a skill explicitly designed to 'share your idle Ollama inference with the community,' this behavior is expected, but it still creates a real privacy and trust risk because users may not understand that arbitrary remote prompts, including sensitive or abusive content, will transit through and be visible to their local system/operator.

VirusTotal

65/65 vendors flagged this skill as clean.
