ClawHub

Dap

Security checks across malware telemetry and agentic risk

Overview

DAP is a coherent P2P messaging skill, but its privacy and network-exposure implications are under-disclosed for a plugin that advertises agent presence and sends messages to external peers.

Install only if you want an always-on P2P networking plugin and are comfortable exposing your agent ID, endpoint metadata, and message content to peers or bootstrap infrastructure. Do not send secrets or sensitive data unless the publisher clearly documents and verifies actual message encryption, retention, and trust boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description says to use the skill when the user mentions broad concepts like P2P, peer-to-peer, direct messaging, or agent IDs, which can cause the skill to activate in situations where the user did not intend networked communication. In this context, unintended activation is more dangerous because the skill performs peer discovery and messaging over the network, potentially exposing metadata or prompting network actions without sufficiently explicit user consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to test connectivity by discovering bootstrap peers and sending them a message, but it does not clearly warn that discovery announces the agent to bootstrap nodes and that messages/peer metadata are exposed to remote peers as part of normal operation. Because this skill is explicitly network-facing and uses third-party bootstrap infrastructure, the missing disclosure materially increases the risk of unintended metadata sharing and privacy surprises.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes automatic outbound network discovery, peer announcements, and gossip to remote hosts without clearly warning users that the skill will initiate unsolicited external HTTP connections and disclose the agent's presence/addressing information. In an agent environment, this can surprise operators, violate network expectations, and leak metadata to third-party infrastructure and newly discovered peers.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file states that bootstrap nodes accept chat messages, generate AI replies, and send responses back, but it does not warn that user or agent message content is transmitted to external bootstrap infrastructure for processing. This creates a real data exposure risk because operators may assume peer messaging is only between agents, while sensitive prompts or content could be disclosed to third-party nodes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples normalize peer discovery, sharing agent IDs, and direct messaging over plain HTTP/TCP without warning users that these actions expose network metadata, reveal agent presence, and may disclose identifiers or endpoints to other parties. In a P2P messaging skill, omission of privacy and network-exposure guidance can lead users to unintentionally broaden their attack surface or leak operational information, especially when discovery and direct addressing are encouraged as default actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal