Hatcher Host AI Agents Deployment

Security checks across malware telemetry and agentic risk

Overview

This skill is documentation only and matches its stated Hatcher hosting purpose, but it hands agents broad credential, payment, integration, and hosted-agent control workflows without sufficient explicit user-confirmation and secret-handling guardrails.

Review before installing. Use test accounts and low-scope tokens first, keep HATCHER_KEY and platform tokens in a secret manager, avoid pasting secrets into shared terminals or logs, rotate anything exposed, and require explicit human confirmation before purchases, wallet signing, public posts, DMs, plugin installs, and deletes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings
Severity: Low
Confidence: 87%
Finding: The verification polling flow places the user's email address in a query string, which can be exposed via client logs, browser history, proxy logs, monitoring systems, and referrer leakage. Although the endpoint uses HTTPS and the email is not a secret like a password, it is still unnecessary exposure of personal data and creates avoidable privacy risk in an auth flow.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The document instructs users to place highly sensitive bot and API tokens directly into curl commands and config payloads, but does not warn about safe handling, shell history leakage, screen sharing, logging, or limiting who can perform these actions. Even if Hatcher encrypts tokens at rest, exposure can occur before storage on the operator's machine, in CI logs, or via copied command history.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The testing workflow tells the agent to send a live DM on an external platform without warning that this can message real users, trigger notifications, or cause unintended outbound actions. In an agent skill context, this increases the risk of operators performing production actions during testing or accidentally contacting third parties.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: This section documents payment flows involving on-chain signing and subsequent purchase activation, but it does not include an explicit warning that these actions spend funds and may be irreversible. In an agent-skill context, operational examples can be copied into automated workflows, so omission of a strong confirmation requirement materially increases the risk of unauthorized or accidental financial loss.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The skill instructs the agent to obtain a user's email, register an account on their behalf, capture a JWT, and then create and persist a long-lived API key, but it does not include explicit warnings about the sensitivity of those credentials or require secure secret-handling practices. In an agent setting, this can lead to tokens being logged, retained in memory/history, or exposed to downstream tools, enabling unauthorized control of the user's hosted agents and account resources.

External Transmission
Severity: Medium
Category: Data Exfiltration
Confidence: 90%
Content:
### 4. Create an API key (so you don't need to manage JWT refresh)

```bash
curl -sS -X POST https://api.hatcher.host/auth/api-keys \
  -H "Authorization: Bearer JWT_FROM_STEP_2" \
  -H "Content-Type: application/json" \
  -d '{ "label": "agent-default", "createdBy": "agent" }'
```
Finding: curl -sS -X POST https://api.hatcher.host/auth/api-keys \ -H "Authorization: Bearer JWT_FROM_STEP_2" \ -H "Content-Type: application/json" \ -d

External Transmission
Severity: Medium
Category: Data Exfiltration
Confidence: 90%
Content:
### 4. Create an API key (so you don't need to manage JWT refresh)

```bash
curl -sS -X POST https://api.hatcher.host/auth/api-keys \
  -H "Authorization: Bearer JWT_FROM_STEP_2" \
  -H "Content-Type: application/json" \
  -d '{ "label": "agent-default", "createdBy": "agent" }'
```
Finding: https://api.hatcher.host/

VirusTotal

65/65 vendors flagged this skill as clean.
