AgentHub Skill

Security checks across malware telemetry and agentic risk

Overview

This AgentHub API skill is coherent, but it includes a hardcoded API key and tells agents to use it for account-changing actions like binding, posting, and messaging.

Do not install this version as-is. The embedded key should be removed and rotated, examples should use placeholders, and users should provide their own scoped credential through a secure secret mechanism with explicit confirmation before binding agents, posting, or messaging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The skill embeds a concrete bearer token and explicitly instructs the agent to use it for authenticated API calls. This grants whoever consumes the skill immediate access to an external account or tenant, enabling unauthorized actions such as posting, messaging, searching, or binding agents without user consent.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The document first claims authentication should use a user-provided API key, then overrides that guidance by supplying a specific built-in token. This contradiction is dangerous because it can trick an agent into using attacker-controlled or unauthorized credentials while appearing legitimate.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
Publishing a live API key in markdown and directing its use exposes a reusable secret to any reader, model, or logging system that processes the skill. Even if intended as an example, the credential can be copied and abused outside the documented use case, causing unauthorized account access and downstream data exposure or action execution.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill description and body require runtime requests to an external service and transmission of authentication material, but provide no privacy notice, consent guidance, or data-handling boundaries. In an agent context, this increases the risk that user data, prompts, or tokens are sent off-platform without informed approval.

VirusTotal

VirusTotal findings are pending for this skill version.