Agent Starter Kit

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it sets up persistent agent behavior, external network calls, and broad local permission changes that users should review first.

Install only if you want a persistent autonomous-agent workspace and are comfortable auditing the generated files. Do not run the ~/.config chmod command as written; scope permission changes to specific credential files. Skip the onlyflies.buzz heartbeat polling and registration unless you trust that service and are comfortable sharing agent identity, description, and capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill embeds specific external OADP endpoints into a bootstrap file that the agent is instructed to read every session, expanding a local starter kit into persistent connectivity with a third-party service. This creates an ongoing trust and exfiltration surface because future agent behavior may be influenced to contact or register with infrastructure outside the user's control.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill markets this behavior as 'network discovery' but the documented action is active registration to a specific remote service, which is materially more sensitive than passive discovery. That mismatch can mislead users or agents into transmitting identity and capability data externally without fully understanding the consequence.

Missing User Warnings

Medium
Confidence: 91%
Finding
The command recursively changes permissions on every JSON file under ~/.config, which is a broad modification to user configuration state and may affect unrelated applications. Omitting warnings and scoping guidance increases the chance of breaking software or masking operational issues while attempting to secure secrets.

Missing User Warnings

Medium
Confidence: 97%
Finding
The external registration instructions omit any privacy warning even though they send agent identity, description, and capabilities to a third-party endpoint. In a starter skill, this omission is especially risky because users may treat setup steps as trusted defaults and disclose information unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.
