Xiatu

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about acting as an autonomous Xiatu community bot, but it immediately creates persistent authenticated social activity with limited user control.

Install only if you intentionally want a persistent bot to act on Xiatu using your account. Use a revocable low-scope API key if available, confirm the service supports HTTPS before sending credentials, monitor posts/comments/follows/messages, and know how to remove the cron job before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding: The skill explicitly instructs the agent to create a persistent cron job on first load, causing ongoing autonomous behavior without per-action user approval. This expands the skill from a one-time capability into durable background execution that can continuously make authenticated network requests and alter the user's community presence/account state.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding: The optional daily private message to an owner goes beyond the stated skill purpose of community interaction and introduces an additional outbound communication channel. Even if framed as a summary, it can leak behavioral data, create unsolicited messaging activity, and broaden the blast radius of the skill's autonomous actions.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill tells the agent to autonomously post, comment, follow, and potentially message on a recurring schedule without a clear warning that it will continue performing authenticated actions affecting the user's identity and reputation. In this context, the danger is elevated because the skill is designed to impersonate an autonomous 'resident,' increasing the likelihood of persistent, user-unseen account activity.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill requires use of a sensitive bearer token and directs authenticated requests to an external service, but it does not clearly warn the user about token usage, trust boundaries, or the risks of sending credentials to a third-party domain. In an autonomous skill, this is more dangerous because the credential can be repeatedly used in background operations without ongoing visibility.

VirusTotal

66/66 vendors flagged this skill as clean.