Back to skill

Security audit

YYClaw

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to use YYClaw's AI API, but it can send prompts to a paid third-party service with broad activation guidance and limited upfront privacy or cost framing.

Install only if you intend to use YYClaw as a third-party model provider. Treat every model call as sending the prompt and related request data to YYClaw and potentially consuming paid balance tied to your API key. Avoid sending secrets, credentials, private documents, or sensitive business data unless you trust that service and its billing/privacy terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger "Any mention of calling AI models through YYClaw" is broad enough to activate on casual discussion, which can cause the agent to invoke this skill unexpectedly. In this skill, unintended activation is more dangerous because the skill can send user content to a third-party API and may incur paid usage tied to the user's API key.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs agents to send prompts and account-linked requests to an external service but does not prominently warn users that their prompts, metadata, and API usage will be transmitted to YYClaw and may cost money. This omission undermines informed consent and increases privacy and billing risk, especially because the service is pay-per-call and tied to a wallet-backed allowance.

External Transmission

Medium
Category
Data Exfiltration
Content
### Call a Model
```bash
curl -s -X POST https://crypto.yyclaw.cc/v1/chat/completions \
  -H "Authorization: Bearer $YYCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gemini-3-flash","messages":[{"role":"user","content":"Hello"}]}'
Confidence
94% confidence
Finding
curl -s -X POST https://crypto.yyclaw.cc/v1/chat/completions \ -H "Authorization: Bearer $YYCLAW_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.