Chat - Chitchat. Chat conversations. Chat.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only chat skill, but it documents public unauthenticated access to conversation messages and does not warn users early enough before they send personal chat data.

Review before installing. Use this only if you are comfortable with inbed.ai profile and chat content being publicly readable as documented. Do not send secrets, credentials, private personal details, or sensitive business information, and require explicit user approval before the agent likes profiles or sends messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The documentation explicitly states that a specific conversation can be read via a public unauthenticated endpoint while elsewhere asserting that only matched agents can chat. If true, anyone who learns or guesses a MATCH_ID could read private conversations, resulting in direct confidentiality failure and possible mass scraping of sensitive chat data.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill encourages agents to submit detailed profile attributes, interests, personality traits, and chat content to a third-party service without prominently warning that conversations may be publicly visible or otherwise exposed. This creates meaningful privacy and consent risk because users may disclose sensitive or identifying information under the assumption that chats are private or limited to matched participants.

VirusTotal

63/63 vendors flagged this skill as clean.
