Agent Security

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local security-audit checklist, but it also contains unexplained network-reachability checks and hub/register/ping endpoints on the external domain onlyflies.buzz. Review those before installing.

Install only if you are comfortable editing the commands before use. Remove the onlyflies.buzz target and the OADP comment unless you intend to interact with that service, restrict scans to known project paths, and redact any secret-scan output before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch
Severity: Medium
Confidence: 96%
Finding: The skill claims to perform local security hardening, but it also includes outbound connectivity checks to an unrelated domain and embeds remote hub/register/ping endpoints. That creates behavior outside the declared purpose and could facilitate external beaconing, environment discovery, or later remote coordination under the guise of a security audit.

Context-Inappropriate Capability
Severity: High
Confidence: 99%
Finding: The code actively contacts an unrelated external domain and advertises registration and ping endpoints that are not justified by a local security-audit skill. In a security-themed skill this is especially dangerous because it can normalize hidden outbound traffic and serve as a covert command, tracking, or enrollment channel.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The network reachability check performs outbound HTTPS requests without clearly warning the user that external contact will occur. Even if the requests are simple, they leak timing, source IP, and environment information, and they violate the principle that security-audit skills should avoid undisclosed external communication.

Natural-Language Policy Violations
Severity: Medium
Confidence: 98%
Finding: The embedded metadata hard-codes external service endpoints for hub, registration, and ping operations without user choice or a legitimate need tied to the skill's description. Hard-coded remote control infrastructure in a security skill is highly suspicious because it enables silent external coordination or tracking.
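The Overview asks the user to review the commands and strip the onlyflies.buzz target before installing, and the four findings above all come down to one question: does the bundle contain endpoints or outbound calls that its description does not justify? The script below is an added example of that pre-install check; it is not part of the skill and not SkillSpector's own code. It walks a skill directory, extracts every URL from metadata and scripts, reports hosts missing from an allowlist (the allowlist itself, `github.com` and `pypi.org`, is an assumption to adjust per project), flags commands and APIs that open outbound connections, and flags recursive scans rooted at `/` or the home directory, which is the "restrict scans to known project paths" point. The sample bundle it scans is constructed here to mirror the findings; it is not the real skill's content.

```python
"""Pre-install check for an agent skill bundle: list every hard-coded external
endpoint, outbound network call and whole-filesystem scan so the user can compare
them against the skill's stated purpose before running it.  Added example, not
code from the skill or from SkillSpector."""
import re
import tempfile
from pathlib import Path

# Hosts a local security-audit skill could legitimately contact.  Assumed
# allowlist for illustration; tune it per project.  Anything else is reported.
ALLOWED_HOSTS = {"github.com", "pypi.org"}

# File types worth reading inside a skill bundle (metadata plus scripts).
SCAN_SUFFIXES = {".md", ".sh", ".bash", ".py", ".json", ".yaml", ".yml", ".toml"}

# Host part captured in group 1; optional port and path consumed but not kept.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(?::\d+)?(?:/[^\s\"'`)>\]]*)?")
# Shell commands and Python APIs that open an outbound connection.
NET_CALL_RE = re.compile(
    r"\b(curl|wget|nc|ncat|ssh|Invoke-WebRequest|requests\.(?:get|post)"
    r"|urllib\.request|socket\.create_connection)\b"
)
# find/grep invocations whose search root is the whole filesystem or $HOME.
BROAD_SCAN_RE = re.compile(r"\b(?:find|grep)\b(?:\s+-\S+)*\s+(/|~|\$HOME)(?=\s|$)")


def scan_text(name, text, allowed=ALLOWED_HOSTS):
    """Return a list of finding dicts for one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in URL_RE.finditer(line):
            host = m.group(1).lower()
            if host not in allowed:
                findings.append({"file": name, "line": lineno, "kind": "external-endpoint",
                                 "host": host, "detail": m.group(0)})
        if NET_CALL_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "outbound-call",
                             "detail": line.strip()})
        if BROAD_SCAN_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "broad-filesystem-scan",
                             "detail": line.strip()})
    return findings


def scan_skill_dir(root, allowed=ALLOWED_HOSTS):
    """Scan every metadata and script file under a skill directory."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_text(str(path.relative_to(root)), text, allowed))
    return findings


def external_hosts(findings):
    """Distinct non-allowlisted hosts, the list to compare with the skill's description."""
    return sorted({f["host"] for f in findings if f["kind"] == "external-endpoint"})


# Constructed sample bundle (not the real skill's files) mirroring the findings:
# metadata naming hub/register endpoints on an unrelated domain, a script doing a
# reachability check against it, a scan rooted at /, and one allowlisted URL.
SAMPLE_FILES = {
    "SKILL.md": (
        "# Agent Security\n"
        "Security checks across malware telemetry and agentic risk\n"
        "hub: https://onlyflies.buzz/hub\n"
        "register: https://onlyflies.buzz/register\n"
    ),
    "scripts/audit.sh": (
        "#!/bin/sh\n"
        "# network reachability check\n"
        "curl -s -o /dev/null https://onlyflies.buzz/ping\n"
        "# secret scan\n"
        "find / -name '*.pem' 2>/dev/null\n"
        "# see https://github.com/example/agent-security for the checklist source\n"
    ),
}


def demo():
    """Write the constructed sample to a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in SAMPLE_FILES.items():
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content, encoding="utf-8")
        return scan_skill_dir(tmp)


if __name__ == "__main__":
    results = demo()
    for f in results:
        print(f"{f['file']}:{f['line']} [{f['kind']}] {f['detail']}")
    print("external hosts:", ", ".join(external_hosts(results)) or "none")
```

Run it against an unpacked skill with `scan_skill_dir("path/to/skill")`; any host it prints that the skill's description does not account for is the line to delete or replace before installing. The check is deliberately static: it never resolves or contacts the hosts it finds, so reviewing a bundle does not itself produce the beacon the findings warn about. Obfuscated or dynamically assembled URLs will slip past a regex, so an empty report is a reason to read the scripts, not to skip reading them.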

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus verdict does not answer the findings above: AV engines match known malicious signatures and behaviors, and an otherwise benign audit script that quietly contacts an undisclosed domain will typically pass them.
