x0x

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but its install guidance asks users to run unpinned remote shell scripts, including autostart setup, and it handles a local bearer token without enough caution.

Review this skill before installing. Prefer a pinned release or source build, inspect installer scripts before running them, avoid the autostart option until you understand the service it creates, and treat the local api-token file as a credential that should not be pasted into shared logs or prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends executing remote content directly with `curl ... | sh` and does so multiple times without any inline warning, checksum/signature verification steps visible in the skill, or instruction to inspect the script first. This creates a direct remote-code-execution path during installation: if the hosting domain, redirect path, GitHub content, or transport trust is compromised, the user will run attacker-controlled shell commands locally.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The documentation repeatedly instructs readers to read a local bearer token from disk and pass it in commands, but does not warn that the token is a sensitive credential granting access to the local x0x API. In a multi-agent or logged environment, this pattern increases the chance of accidental disclosure through shell history, transcripts, process inspection, screenshots, or copied snippets.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Install only (installs x0x CLI + x0xd daemon)
curl -sfL https://x0x.md | sh

# Then start the daemon
x0x start
```
Confidence
98% confidence
Finding
`curl -sfL https://x0x.md | sh`

External Script Fetching

High
Category
Supply Chain
Content
```bash
x0x start

# Install + start in one step
curl -sfL https://x0x.md | sh -s -- --start

# Fallback if x0x.md is unreachable (same script, from GitHub)
curl -sfL https://raw.githubusercontent.com/saorsa-labs/x0x/main/scripts/install.sh | sh
```
Confidence
98% confidence
Finding
`curl -sfL https://x0x.md | sh`

External Script Fetching

Low
Category
Supply Chain
Content
```bash
curl -sfL https://x0x.md | sh -s -- --start

# Fallback if x0x.md is unreachable (same script, from GitHub)
curl -sfL https://raw.githubusercontent.com/saorsa-labs/x0x/main/scripts/install.sh | sh

# Autostart on boot (systemd on Linux, launchd on macOS)
curl -sfL https://x0x.md | sh -s -- --autostart
```
Confidence
93% confidence
Finding
`curl -sfL https://raw.githubusercontent.com/saorsa-labs/x0x/main/scripts/install.sh | sh`

External Script Fetching

High
Category
Supply Chain
Content
```bash
curl -sfL https://raw.githubusercontent.com/saorsa-labs/x0x/main/scripts/install.sh | sh

# Autostart on boot (systemd on Linux, launchd on macOS)
curl -sfL https://x0x.md | sh -s -- --autostart
```

**Option C: Build from source** (requires Rust)
Confidence
98% confidence
Finding
`curl -sfL https://x0x.md | sh`

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install only (installs x0x CLI + x0xd daemon)
curl -sfL https://x0x.md | sh

# Then start the daemon
x0x start
```
Confidence
97% confidence
Finding
`| sh`

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
curl -sfL https://x0x.md | sh -s -- --start

# Fallback if x0x.md is unreachable (same script, from GitHub)
curl -sfL https://raw.githubusercontent.com/saorsa-labs/x0x/main/scripts/install.sh | sh

# Autostart on boot (systemd on Linux, launchd on macOS)
curl -sfL https://x0x.md | sh -s -- --autostart
```
Confidence
95% confidence
Finding
`| sh`

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.