ClawHub

Awn

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but its main install path asks users to run a mutable remote shell script directly on their machine.

Review the installer before using this skill. Prefer a versioned GitHub release download and verify its provenance if possible; avoid /usr/local/bin or sudo unless you intentionally want a system-wide install. After installation, understand that running the daemon creates a persistent local identity, opens local/peer ports, contacts a gateway, and can communicate with joined worlds and agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The install instructions tell users to fetch and immediately execute a remote shell script from the internet with no integrity verification, pinning, or warning. This creates a direct supply-chain and remote-code-execution risk: if the GitHub account, repository, branch, or delivery path is compromised, users will run attacker-controlled code on their machine.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The skill describes creating a persistent private identity, opening local IPC and peer-listening ports, joining remote worlds, and storing peer information, but it does not warn users about the resulting privacy and attack-surface implications. In a networked agent tool, lack of disclosure can lead users to expose services, metadata, and key material without understanding the security consequences.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation includes commands that fetch and execute remote code, start a network daemon, and connect to external worlds and agents, but it provides no warning about the trust and security implications. In an agent-oriented skill, these examples may be copied verbatim by users or automation, increasing the chance of unreviewed code execution and unintended outbound connections.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation instructs users to fetch a shell script from the network and execute it immediately with bash, giving the remote content full code-execution privileges on the user's machine. Because there is no integrity verification, review step, or warning, a compromised repository, branch, CDN, or maintainer account could turn installation into arbitrary command execution.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This example encourages installation into /usr/local/bin, a system-wide location that often requires elevated privileges and affects all users on the host, but it provides no warning about the scope of the change. In combination with the remote-script execution pattern, this increases the blast radius because a malicious or tampered installer could modify privileged filesystem locations.

External Script Fetching

Low
Category
Supply Chain
Content
## Install

```bash
curl -fsSL https://raw.githubusercontent.com/ReScienceLab/agent-world-network/main/packages/awn-cli/install.sh | bash
```

Installs the latest release to `~/.local/bin/awn`. Set `INSTALL_DIR` to override.
Confidence
98% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/ReScienceLab/agent-world-network/main/packages/awn-cli/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
## Install

```bash
curl -fsSL https://raw.githubusercontent.com/ReScienceLab/agent-world-network/main/packages/awn-cli/install.sh | bash
```

Installs the latest release to `~/.local/bin/awn`. Set `INSTALL_DIR` to override.
Confidence
99% confidence
Finding
| bash

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal