keyco

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Keyco administration, but it gives an agent production-changing and credential-management abilities without enough safeguards, so users should review it before installing.

Install only if you trust Keyco and the @keyco/cli package. Run the setup script yourself or approve it explicitly, avoid sudo/global installation where possible, use least-privilege API key scopes, and require clear confirmation before any delete, revoke, clear, create, assign, or other production-changing command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The reference exposes API key lifecycle commands, including creation and revocation, even though the skill is described primarily for asset, DUB, workflow, lifecycle, and analytics operations. Secret-management functionality materially expands privilege and blast radius: an agent using these commands could mint long-lived credentials or revoke existing ones, enabling persistence, privilege escalation, or operational disruption beyond the stated business purpose.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill includes commands to create lifecycle events and API keys without clearly warning that these are write operations against live Keyco data. In an agent setting, omission of a mutation warning can cause unintended remote changes, including creation of durable credentials or records, especially if the user expected a read-only lookup/reporting workflow.

Missing User Warnings

Medium
Confidence: 94%
Finding
The setup section recommends running a script that may install software globally and fall back to sudo, but it does not clearly present this as a host-changing action requiring user consent. In practice, this can lead an agent or user to run privileged system modifications unexpectedly, increasing risk from package compromise, script tampering, or simply unsafe execution on managed machines.

Missing User Warnings

Medium
Confidence: 84%
Finding
The command reference lists destructive or security-sensitive actions such as group deletion, API key revocation, notification state clearing, and bulk read operations without any cautionary note, confirmation guidance, or privilege warnings. In an agent setting, this increases the likelihood of accidental or unauthorized state changes because the documentation normalizes these commands as routine operations and provides no friction before impactful actions.

VirusTotal

66/66 vendors flagged this skill as clean.
