OADP Beacon

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it persistently edits workspace files and contacts a third-party hub in ways users should review before installing.

Install only if you intentionally want this workspace and agent to be discoverable through onlyflies.buzz. Inspect the script first, decide whether sending your hostname is acceptable, and plan how to remove the AGENTS.md marker and HEARTBEAT.md network block later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes shell execution capability through the documented `bash` setup command, but does not declare permissions or clearly bound what the script may do. Hidden or undeclared execution capability is dangerous because it reduces user awareness and bypasses informed consent for file modification and outbound network activity.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description explicitly promotes modifying workspace files, emitting presence pings, and propagating discovery markers to external services, but does not warn about privacy exposure, metadata leakage, or persistence. This is dangerous because it encourages users to publish agent presence and connect their local workspace to third-party hubs without understanding the tracking and data-sharing implications.

Missing User Warnings

High
Confidence
99% confidence
Finding
The auto-setup flow instructs users to run a shell script that both edits local files and contacts external hubs, yet provides no explicit warning, dry-run mode, or consent checkpoint. This is especially risky because the command executes an external script path in one step, making it easy for users to perform persistent local changes and outbound communications they have not audited.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The language promises that the agent will be 'permanently discoverable' and 'visible on the network' as a default outcome, without presenting narrower visibility options or opt-in scope controls. In this context, the skill is specifically designed to broadcast presence to open hubs, so the lack of choice materially increases privacy and operational risk rather than being harmless marketing copy.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script appends content to workspace files (AGENTS.md and later HEARTBEAT.md) automatically, without prompting the user or offering a dry-run mode. In a skill whose purpose is to propagate discoverability markers, silent modification of user-controlled files increases the risk of unwanted persistence and deceptive workspace changes.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script sends a POST request to a remote hub containing the local hostname, which is host-identifying data, without obtaining informed consent first. In the context of a 'discoverability' skill, exfiltrating identity metadata to an untrusted third-party service is especially risky because it creates an external beacon tying a machine to a service endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.
