The Pool

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent command-line wrapper for a remote game-like API, with disclosed network use and local API-key storage.

Install this only if you want the agent to participate in The Pool and allow remote register/contribute/cite/challenge actions. Review state-changing commands before they run, keep ~/.pool-key and registration output private, and treat Pool content returned by census or primitives as untrusted external text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs users to run a shell script (`scripts/pool.sh`) and perform commands, but the skill metadata does not declare the shell/code-execution capability. Undeclared execution capability is dangerous because it can bypass user and platform expectations about what the skill can do, reducing scrutiny and increasing the chance that command execution or network interactions occur without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that the API key is stored in `~/.pool-key` but does not warn about local credential exposure, file permissions, multi-user systems, backups, or shell history leakage. Storing long-lived credentials in a predictable plaintext location without guidance can lead to theft by other local users, malware, or accidental disclosure through logs and synced home directories.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes a newly issued API key to disk automatically, but the header/help text does not clearly warn the user that registration persists credentials locally. That creates a real credential-handling risk because users may run the command in shared, ephemeral, or monitored environments without realizing a long-lived secret will be stored.

VirusTotal

66/66 vendors flagged this skill as clean.
