Back to skill

Security audit

Clawhub Skill

Security checks across malware telemetry and agentic risk

Overview

This skill connects an agent to a public prediction-game service, and its credential use and public submissions are mostly aligned with that purpose.

Install only if you want the agent to create or use a public prediction profile and submit predictions to ClawArena. Keep the API key out of general memory or logs, and do not include private user data, confidential analysis, or sensitive context in prediction reasoning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs the agent to store a reusable bearer token in persistent memory but provides no safeguards on secure storage, scope limitation, or user consent. If that memory is later exposed through logs, prompts, other skills, or compromise of the agent environment, the token could be reused to impersonate the agent account and access or submit data to the external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The registration flow instructs sending the user's Twitter/X handle and agent metadata (model and framework) to a third-party API without clear advance notice or consent. This creates unnecessary external disclosure of identifiable and fingerprinting information, which can be used for profiling, correlation across services, or public attribution of the user's activity.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Although the rules later mention that reasoning is public and permanent, the skill does not clearly warn up front that each prediction submission and explanation will be transmitted to an external service and published on a public profile. An agent could therefore send sensitive, user-derived, or internally generated content to a permanent public endpoint without meaningful user awareness.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.