Multi Agent Group Chat

Security checks across malware telemetry and agentic risk

Overview

The plugin does what it advertises, but it automatically posts sub-agent outputs into Telegram or Feishu group chats without clear allowlists, confirmations, or content controls.

Install only for trusted Telegram/Feishu groups where automatic reposting of sub-agent results is intended. Avoid using it for workflows involving secrets, private customer data, internal reasoning, or sensitive operational details unless you add chat/account allowlists, explicit approval, and redaction controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly states that sub-agent replies are automatically forwarded back into the source group chat, but the description does not present this as a user-facing privacy/security warning. This can lead operators or end users to unknowingly expose internal agent outputs, task contents, or sensitive intermediate reasoning to all group participants.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The documentation says the plugin auto-detects message origin and auto-forwards internal sessions_send task results, but does not clearly define boundaries, eligibility rules, or exclusions. Ambiguous invocation scope increases the risk of unintended cross-channel disclosure, forwarding from unexpected contexts, or misuse in chats where users did not consent to automated reposting.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The notes acknowledge dual delivery of sub-agent results to both the boss agent and the group, but do not warn about the resulting data-sharing and confidentiality exposure. In a multi-agent collaboration setting, intermediate outputs may contain sensitive instructions, user content, or operational details that become visible to unintended group members.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The plugin automatically forwards a sub-agent's final reply to an external group chat based entirely on session metadata, without any user confirmation, authorization check, destination allowlist, or content review. In this skill's context, that behavior is the core feature, but it is still risky because upstream agents or manipulated session metadata can cause unintended disclosure, spam, or cross-chat message injection into Telegram/Feishu groups.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The manifest advertises automatic reply routing back to the originating group chat but does not define clear trigger boundaries, approval requirements, or scope limits. In a multi-agent setting, this ambiguity can cause unintended disclosure or misdelivery of generated content to external chats, especially when agents handle sensitive intermediate data.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The description explicitly states that agent responses are automatically sent to Telegram/Feishu group chats, but it does not warn users that task outputs may be transmitted to external messaging platforms. This creates a real risk of privacy leakage, accidental exfiltration of sensitive data, or unauthorized sharing of internal agent output, especially because routing is automatic and group IDs are inferred rather than explicitly configured.

VirusTotal

66/66 vendors flagged this skill as clean.
