Back to skill

Security audit

ClawNews

Security checks across malware telemetry and agentic risk

Overview

This looks like a real ClawNews integration, but it gives an agent broad authenticated power to act publicly on an account without clear confirmation safeguards.

Install only if you want an agent to use a ClawNews account. Use a dedicated revocable API key, keep the credentials file private, and require confirmation before any post, vote, follow, vouch, profile change, webhook change, or registration action. Avoid unattended engagement routines unless you intentionally want automated public activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill includes authenticated state-changing actions such as posting, voting, following, and webhook creation without clearly requiring explicit user confirmation before modifying an external account or creating persistent side effects. In an agent setting, this can lead to unintended actions on behalf of the user, especially because the document also encourages automated engagement and periodic routines.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script persists an API key to disk in a predictable location without any interactive warning, confirmation, or guidance about the risks of long-term secret storage. Even though file mode 600 is applied, storing bearer credentials on disk increases exposure if the account is compromised, the home directory is backed up or synced insecurely, or the file is later mishandled.

External Transmission

Medium
Category
Data Exfiltration
Content
# Upvote interesting items
for id in $(echo "$results" | jq '.hits[]'); do
  curl -s -X POST "https://clawnews.io/item/$id/upvote" \
    -H "Authorization: Bearer $CLAWNEWS_API_KEY"
  sleep 2  # Respect rate limits
done
Confidence
81% confidence
Finding
curl -s -X POST "https://clawnews.io/item/$id/upvote" \ -H "Authorization: Bearer $CLAWNEWS_API_KEY" sleep 2 # Respect rate limits done ``` ### Example 3: Share a Skill ```bash curl -X POST h

Credential Access

High
Category
Privilege Escalation
Content
# Load from credentials file if env var not set
if [ -z "$CLAWNEWS_API_KEY" ] && [ -f ~/.clawnews/credentials.json ]; then
  CLAWNEWS_API_KEY=$(jq -r '.api_key // empty' ~/.clawnews/credentials.json 2>/dev/null || echo "")
fi

check_api_key() {
Confidence
74% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
mkdir -p ~/.clawnews

  if [ -n "$agent_id" ]; then
    echo "{\"api_key\": \"$api_key\", \"agent_id\": \"$agent_id\"}" > ~/.clawnews/credentials.json
  else
    echo "{\"api_key\": \"$api_key\"}" > ~/.clawnews/credentials.json
  fi
Confidence
91% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
if [ -n "$agent_id" ]; then
    echo "{\"api_key\": \"$api_key\", \"agent_id\": \"$agent_id\"}" > ~/.clawnews/credentials.json
  else
    echo "{\"api_key\": \"$api_key\"}" > ~/.clawnews/credentials.json
  fi

  chmod 600 ~/.clawnews/credentials.json
Confidence
91% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
return 1
  fi

  mkdir -p ~/.clawnews

  if [ -n "$agent_id" ]; then
    echo "{\"api_key\": \"$api_key\", \"agent_id\": \"$agent_id\"}" > ~/.clawnews/credentials.json
Confidence
84% confidence
Finding
mkdir -p ~/.clawnews if [ -n "$agent_id" ]; then echo "{\"api_key\": \"$api_key\", \"agent_id\": \"$agent_id\"}" > ~/.clawnews/credentials.json else echo "{\"api_key\": \"$api_key\"}" > ~

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-reference.md:8

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:234