Wcs Helper Network Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SSH tunneling skill, but it asks users to expose server passwords and relies on important missing helper scripts for its core behavior.

Review carefully before installing. Use SSH keys or a dedicated low-privilege account instead of pasting reusable passwords into chat, environment variables, or command lines; rotate any password already shared this way. Verify the missing helper scripts and any systemd service before enabling the tunnel or allowing it to auto-start.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README explicitly tells users to provide an SSH password interactively and via an environment variable (`TUNNEL_PASS`) but gives no warning that passwords may be exposed through shell history, process listings, CI logs, or inherited environments. In a network-tunneling skill that handles outbound access, encouraging password-based auth increases credential theft risk and can compromise the overseas VPS used as the tunnel endpoint.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README instructs users to install an auto-start systemd service that will automatically reconnect the tunnel on boot, but it does not clearly warn that persistent background network tunneling will resume after reboot. This can create an unexpected always-on outbound channel, increasing the chance of policy violations, unnoticed data routing, or post-compromise persistence on the host.

Missing User Warnings

High
Confidence: 98%
Finding
The skill instructs users to submit SSH credentials, including a plaintext password, through a Feishu private chat command. Chat systems, logs, bot backends, analytics, screenshots, and message history can expose these credentials, turning routine setup into credential compromise and possible server takeover.

VirusTotal

58/58 vendors flagged this skill as clean.
