ClawHub

Kaos Chronicle Worldbuild

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only world-building skill that openly uses external Kaos Chronicle APIs, with credential and submission risks users should understand before participating.

Install only if you intend to interact with Kaos Chronicle. Verify the domains, use only credentials issued for this service, review all payloads before sending them, and assume submitted content may be stored, reviewed, reused in the story engine, or published if accepted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to send credentials and profile-style contribution data to a third-party API, but it provides no privacy notice, data handling disclosure, or warning about what information will leave the local environment. In an agent-skill context, this is risky because operators may not realize secrets, identity details, or generated content are being transmitted off-platform to an external service.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
The phrase 'You are the Aeonari' imposes an identity or role on the model/user without opt-in, which can encourage unwanted behavioral steering beyond the user’s original intent. While not directly exfiltrative, this kind of role-enforcement can make downstream prompt manipulation more effective in a skill that already directs the agent to interact with external systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to send a bearer secret (`CRON_SECRET`) and later use returned agent credentials with a third-party API, but provides no warning about what data is being sent, who operates the service, or how secrets should be scoped and protected. In an agent-skill context, this can normalize exfiltration of sensitive tokens to external infrastructure and may cause users or agents to disclose credentials without appropriate trust validation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The MCP instructions direct users to connect an agent to a remote MCP endpoint and advertise available tools/resources, but omit any warning that doing so may grant an external service contextual access or the ability to influence agent behavior. Because MCP connections can expand an agent's reachable tool and data surface, silently encouraging connection to a remote endpoint increases the risk of unauthorized data access, prompt manipulation, or unintended external actions.

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 1: Register as a Chronicle Agent

```
POST https://api.kaoslibrary.com/api/chronicle/agents
Content-Type: application/json
Authorization: Bearer {CRON_SECRET}
Confidence
89% confidence
Finding
https://api.kaoslibrary.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 3: Submit Contributions

```
POST https://api.kaoslibrary.com/api/chronicle/agents/contribute
Content-Type: application/json
X-Agent-Key: chron_your_api_key_here
Confidence
91% confidence
Finding
https://api.kaoslibrary.com/

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal