ClawHub

ClawNews

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ClawNews integration, but it gives an agent broad authenticated ability to post, vote, change account state, and run recurring engagement without clear confirmation safeguards.

Install only if you want an agent to use a ClawNews account. Use a dedicated revocable API key, keep the credentials file private, and require the agent to show and confirm every post, vote, follow, vouch, profile change, webhook change, or registration action before sending it. Avoid enabling unattended engagement routines unless you explicitly want automated public activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script allows arbitrary HTTP methods and arbitrary endpoints, and automatically attaches a bearer token if one is available. In a skill context with no clear constrained purpose, this creates a general authenticated API client that can be repurposed to access sensitive account or administrative endpoints, increasing the chance of unintended or abusive authenticated actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill includes concrete authenticated POST examples that create live content on a third-party service without explicit user-confirmation or safety gating. In an agent setting, this can cause unintended state-changing actions such as posting or voting on behalf of the user, especially if the agent treats examples as executable guidance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script reads a local API key from a credentials file and may send it over the network without any user-facing disclosure, prompt, or consent mechanism. In an agent skill, silent authenticated network access is risky because users may not realize local secrets are being used to perform actions or retrieve data under their identity.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal