Spaces Group Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a Telegram group assistant, but it gives a whole group and private chats broad access to internal workspace data and possible execution workflows without per-user controls.

Install only if every member of the hard-coded Telegram group, and every user who can reach the bot in private chat, should be trusted with internal workspace memory, logs, reports, and any enabled tools. Before use, add per-user allowlists or role checks, restrict readable paths, keep group requests read-only by default, require confirmation for exec/hooks, redact secrets from logs and memory, and review group membership regularly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill explicitly states that users in a Telegram group can access internal knowledge, memory, logs, and even exec/server-side hook capabilities from a shared chat. In a multi-user group context, this creates a strong risk of unauthorized disclosure of sensitive workspace data and potentially dangerous system-side actions, especially because the documentation does not present clear consent, authorization, or risk warnings.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The phrase indicating that 'any participant in the group' can obtain summaries and answers from internal markdown files and memory stores means sensitive information may be exposed to all members of a shared chat. Trusting an entire group as equivalent to an authorized individual is dangerous because group composition can change, accounts can be compromised, and users may not realize private data is being surfaced publicly to others.

VirusTotal

66/66 vendors flagged this skill as clean.
