Agentlair Vault

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only vault integration that openly handles secrets for its stated purpose, with operational cautions but no hidden or deceptive behavior found.

Install only if you trust AgentLair with the secrets you choose to store. Treat AGENTLAIR_API_KEY as highly sensitive, use least-privilege third-party keys, minimize metadata, avoid exporting fetched secrets into long-lived environments, and require explicit confirmation before rotating or deleting credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 94%
Finding:
The documentation repeatedly claims that only AGENTLAIR_API_KEY remains in the environment, but later workflow examples retrieve third-party secrets and place them into shell variables. In practice, shell variables are part of process environment/shell state and may be exposed to subprocesses, logs, history, debugging tools, or other skills, so the claim materially understates residual secret exposure.

Intent-Code Divergence

Medium
Confidence: 95%
Finding:
The skill states that only AGENTLAIR_API_KEY lives in the environment, but the example session later assigns fetched credentials to STRIPE_KEY and the encryption section uses LOCAL_PASSPHRASE. This inconsistency can mislead users into adopting handling patterns that recreate the same secret-in-environment risk the document claims to avoid.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The skill provides immediate DELETE examples for removing all versions of a secret without recommending user confirmation, dry-run checks, or backup awareness. In an agent context, destructive credential operations can cause outages or irreversible loss if triggered by ambiguous user instructions, prompt injection, or operator error.

VirusTotal

64/64 vendors flagged this skill as clean.