Security audit

Coala Client

Security checks across malware telemetry and agentic risk

Overview

This skill mainly documents a legitimate client tool, but it gives agents broad ability to import remote toolsets/skills and run shell commands without enough trust-boundary guidance.

Install only if you intend to let the agent use coala-client to add toolsets or skills. Import only from sources you trust, avoid arbitrary URLs or zip files, verify provenance where possible, and use the tightest sandbox settings with explicit approval before running shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs users to import CWL toolsets and skills from local paths, zip files, GitHub trees, and HTTP(S) URLs, but provides no warning that these imports may introduce untrusted code or prompt content into the local environment. In this context, imported MCP toolsets can register executable server components and imported skills are later loaded into chat context, so a malicious remote source could lead to code execution, unsafe tool exposure, or prompt-injection-style compromise.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding
The skill description advertises an optional sandbox to run shell commands without any accompanying warning about command execution risk, system side effects, or data exposure. Even with a sandbox, users may overestimate safety; if the sandbox is misconfigured or granted broad filesystem/network access, harmful commands could damage files, leak secrets, or affect connected resources.

VirusTotal

66/66 vendors flagged this skill as clean.