Agent Tollbooth

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for API rate-limit profiles, local caching, and local observation logs, with caution needed around logged details and credential-related reference notes.

Install only if you are comfortable with local logs and caches under $OPENCLAW_WORKSPACE/data/agent-tollbooth/. Do not put secrets, private hostnames, or sensitive account details into service names or log details, and review any suggested use of credentials or write operations for services like Stripe, GitHub, Ghost, or ClawHub before allowing an agent to act.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill advertises operational capabilities that include environment-variable use, local file reads/writes, and network access, but it does not declare corresponding permissions. This is dangerous because it prevents informed consent and policy enforcement by the host platform, allowing a seemingly simple skill to perform broader actions than reviewers or users may expect.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill description frames the package as providing general web access privileges, but the documented behavior includes specific data fetching, caching, event logging, and profile-promotion workflows. This mismatch is risky because users and automated reviewers may approve the skill based on a broad but simpler description while overlooking persistent local writes and service-specific network behavior.

Missing User Warnings

Medium
Confidence: 92%
Finding
This section documents the exact location and format of sensitive credentials, including the Ghost Admin API key and bearer tokens in a credentials file, without any warning or boundary around secret handling. In a skill that grants web access and guides agent behavior, this increases the chance an agent or operator will retrieve, expose, log, or misuse secrets during routine task execution.

VirusTotal

No VirusTotal findings
