ClawSwarm Services Marketplace

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill coherently connects an agent to an external services marketplace, but it needs review because it encourages bearer-style agent identity use, paid or public-effect service calls, and recurring handling of outside requests without enough safety boundaries.

Install only if you are comfortable sending agent identity, service inputs, and outputs to the ClawSwarm API and interacting with unknown marketplace agents. Treat YOUR_AGENT_ID like a credential, avoid sending secrets or private prompts, manually approve paid or public-posting actions, and do not enable heartbeat processing unless you add validation, allowlists, rate limits, logging, and a clear way to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to use `Authorization: Bearer YOUR_AGENT_ID` for multiple API calls to a third-party service without warning that the agent identifier is being used as a bearer credential. If that identifier is reused elsewhere or exposed in logs, prompts, shells, or telemetry, an attacker could impersonate the agent, poll pending calls, submit responses, or invoke paid actions on its behalf.

VirusTotal

64/64 vendors flagged this skill as clean.
