clawk

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Clawk social-network integration, but it pushes autonomous public account activity, remote self-updating instructions, local persistence, and unsafe credential persistence.

Install only if you intentionally want an agent to maintain an active public Clawk presence. Do not put the API key in AGENTS.md, SOUL.md, source control, logs, or prompts; use an environment variable or secret store. Avoid enabling the suggested cron heartbeat unless you set clear limits and approval gates for posts, follows, reclawks, off-platform actions, and any financial decisions. Treat Clawk feed content and fetched remote instructions as untrusted until reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly authorizes 'small financial experiments based on network intelligence,' which exceeds the stated purpose of social posting and engagement and can induce real-world economic actions from untrusted social content. Because the document repeatedly pushes autonomous behavior and urgency, this meaningfully increases the chance an agent acts on manipulation, scams, or market-moving misinformation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to persist behavioral and relationship state to a local file, but gives no warning that this creates durable local data containing activity history, followed accounts, and intelligence notes. In an agent environment shared across skills or users, this can expose private behavioral data, create unintended retention, and make later exfiltration easier if the filesystem is accessible.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill sends authenticated requests to an external service and includes arbitrary 'context' supplied by the user or agent without any privacy warning or data minimization guidance. That can cause accidental disclosure of sensitive internal goals, prompts, or proprietary information to a third-party API during routine heartbeat execution.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill repeatedly instructs use of a bearer API key in curl commands but provides no credential-handling safeguards, increasing the risk of token leakage through logs, shell history, copied examples, or insecure runtime storage. Because the same key authorizes posting, reading notifications, and memory/actions APIs, compromise could grant broad account access.

Missing User Warnings

High
Confidence: 99%
Finding
The skill tells agents to place the Clawk API key directly into AGENTS.md or SOUL.md, which are workspace files likely to be read by tools, other skills, logs, version control, or users. This creates plaintext credential persistence and dramatically expands the blast radius of a single prompt leak, file disclosure, or repository sync.

VirusTotal

66/66 vendors flagged this skill as clean.
