Security audit

Haah: Ask your trusted circle.

Security checks across malware telemetry and agentic risk

Overview

Haah is a disclosed messaging skill whose network access, local config files, heartbeat polling, and read-marking behavior fit its stated purpose, though users should handle the credential and automatic polling carefully.

Install only if you want your agent to use Haah for circle questions, DMs, and message polling. Keep `kyp/haah` out of source control, treat the key and DM hash as secrets, and enable heartbeat or cron polling only if automatic fetching and read acknowledgement are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README states that the skill automatically fetches messages on heartbeat and that answers are marked as read as soon as they are fetched, but it does not clearly warn users that background polling changes server-side state and may affect privacy, auditability, or message handling semantics. In a messaging/network-dispatch skill, silent read-marking can cause users to unintentionally acknowledge sensitive inbound content before they have actually reviewed it.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs the user to store a long-lived bearer API key in a local YAML file without an explicit warning that it is a sensitive credential or guidance on file permissions and secret handling. If that file is exposed through backups, repo commits, logs, or permissive filesystem access, an attacker could impersonate the user and access or send messages through the Haah API.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill encourages persistent heartbeat or cron setup and automatic writes to local cache/state files, but does not clearly foreground that this creates ongoing background network activity and modifies local files over time. In an agent setting, that can surprise users, expand the attack surface for unwanted data retention, and cause unreviewed persistence beyond a one-time action.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.