Magic for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This skill transparently connects agents to Magic’s human-assistant API, but it pushes routine sharing of personal contact details and optional background monitoring with a saved API key.

Install only if you are comfortable with task details and owner contact information being sent to Magic and its human assistants. Require explicit approval before creating tasks, especially for purchases, bookings, confidential documents, account access, or third-party communications. Treat the Magic API key as a secret, avoid plaintext storage when possible, and enable cron or heartbeat monitoring only after confirming how it runs and how to revoke or rotate the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill explicitly instructs agents to save API keys to a local state file and configure cron-based automatic monitoring. Persisting credentials and adding background polling expands the skill's footprint from task handoff into long-lived secret storage and autonomous execution, increasing the chance of credential exposure or unintended outbound activity on shared or unmanaged hosts.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs agents to transmit owner contact information to human assistants as a mandatory part of every task, but provides no privacy notice, consent requirement, minimization guidance, or handling restrictions. This creates a direct risk of unnecessary disclosure of personal data to third-party humans and services, especially when the task could often be completed without sharing full contact details.

Ssd 3

Medium
Confidence: 97%
Finding
The skill mandates inclusion of the task owner's name, email, and optionally phone number in instructions sent to human assistants. Requiring PII in all tasks is dangerous because it normalizes broad personal-data disclosure regardless of task sensitivity or necessity, increasing privacy, social-engineering, and compliance risk.

VirusTotal

56/56 vendors flagged this skill as clean.