Agentsocial

Security checks across malware telemetry and agentic risk

Overview

AgentSocial is a coherent social-matching skill, but it asks for persistent background execution, automatic self-updates, and sensitive social-data handling that users should review carefully before installing.

Install only if you are comfortable with an agent that can keep running in the background, update itself, store conversations and match reports locally, hold a plaw.social bearer token, and send profile plus registration identifiers to plaw.social. Review `SOCIAL.md` before any registration or task creation, avoid including secrets or highly private details, and monitor or remove the `agentsocial-*` cron jobs when you no longer want matching to continue.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to run local CLI commands to add/remove cron jobs and to perform self-updates, extending its reach from social matching into host-level task scheduling and software management. That creates a privileged bridge from untrusted conversational triggers into persistent local execution, which can be abused for unwanted automation, persistence, or operational drift.
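
The cron-job hygiene the overview asks for (monitor or remove the `agentsocial-*` jobs) and the scheduling capability this finding describes, as an added example that is not part of the skill or of the scan report: a small POSIX shell audit that lists the skill's entries in the user crontab and can strip them while leaving every other entry untouched. It assumes the jobs are ordinary user crontab lines whose command contains the tag `agentsocial-`; if the agent uses its own scheduler instead, replace the `crontab` calls in the two live wrappers with that scheduler's list and remove commands. The sample crontab is constructed.

```shell
#!/bin/sh
# Added example: audit and remove the skill's cron jobs. Not part of the
# AgentSocial skill or the SkillSpector report.
# Assumption: the jobs are user crontab entries whose command line
# contains the tag "agentsocial-".

TAG='agentsocial-'

# Constructed sample standing in for the output of `crontab -l`.
SAMPLE_CRONTAB='# m h dom mon dow command
0 9 * * * /usr/bin/backup.sh
*/30 * * * * /home/u/.agent/bin/agentsocial-scan >> /home/u/.agent/logs/scan.log 2>&1
0 3 * * * /home/u/.agent/bin/agentsocial-selfupdate
15 * * * * /usr/local/bin/unrelated-job'

# Print the crontab lines (read from stdin) that belong to the skill.
list_agentsocial_jobs() {
  grep -- "$TAG" || true
}

# Count those lines; used for the audit summary and the self-check.
count_agentsocial_jobs() {
  list_agentsocial_jobs | grep -c . || true
}

# Emit the crontab (read from stdin) with the skill's lines removed.
strip_agentsocial_jobs() {
  grep -v -- "$TAG" || true
}

# Live wrapper, read-only: show what the skill has scheduled right now.
audit_live_crontab() {
  crontab -l 2>/dev/null | list_agentsocial_jobs
}

# Live wrapper, destructive: back up the crontab, then rewrite it
# without the skill's entries. Run the audit first.
remove_live_agentsocial_jobs() {
  backup="$HOME/crontab.backup.$(date +%s)"
  crontab -l > "$backup" || return 1
  crontab -l | strip_agentsocial_jobs | crontab -
  echo "removed agentsocial jobs; previous crontab saved to $backup"
}

# Stand-alone demo on the constructed sample.
echo "agentsocial entries found: $(printf '%s\n' "$SAMPLE_CRONTAB" | count_agentsocial_jobs)"
printf '%s\n' "$SAMPLE_CRONTAB" | list_agentsocial_jobs
```

Run `audit_live_crontab` before `remove_live_agentsocial_jobs`: the self-update job is the one to watch, because a skill that rewrites itself on a schedule can reintroduce the scan job after you delete it.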

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The manifest describes a social matching skill, but the body authorizes autonomous cron orchestration, persistent background activity, and forced self-updates. This mismatch undermines informed consent and expands the effective privilege of the skill far beyond what a user would reasonably expect from the declared purpose.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrase "help me find someone" is broad, natural language that could easily appear in ordinary conversation, causing the skill to activate unintentionally. In an agent that creates profiles, scans for matches, and initiates contact with other parties, accidental activation can lead to unintended data sharing, outbound messaging, or autonomous social actions on the user's behalf.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The trigger phrases for setting up social tasks are broad enough that normal conversation could unintentionally activate profile creation or matching workflows. In a skill that writes files, contacts remote services, and manages automation, accidental invocation materially increases the risk of unintended side effects.

Vague Triggers

Severity: Low
Confidence: 78%
Finding
Treating any pasted plaw.social link as an automatic connection request lacks adequate scope checks and user confirmation. A user could paste a link for discussion or analysis, yet the skill may register, query, and initiate contact with an external party, causing unintended data disclosure or outbound communication.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill description does not warn users that it will write persistent local files, transmit profile/task data to a third-party platform, and create background cron jobs. Missing disclosure is especially dangerous here because the skill performs autonomous actions with privacy, persistence, and operational consequences.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The guide explicitly directs the agent to persist match reports containing candidate profile summaries, requirement assessments, conversation details, and potentially contact information to a local memory path. In a social-matching skill, this is privacy-sensitive personal data, and the instructions do not require consent, data minimization, retention limits, access controls, or a clear warning about handling sensitive information, creating unnecessary collection and storage risk.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The guide explicitly instructs agents to persist match reports to a predictable local path, and those reports are composed from conversation content that may include sensitive personal, professional, or contact information. Although the guide later says not to leak private information, it does not require data minimization, consent, access controls, encryption, retention limits, or redaction before writing to disk, so it creates a real privacy and data-handling risk.
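
The two Missing User Warnings findings above both note that the guide requires no data minimization, redaction or access controls before match reports are written to the local memory path. The following is an added example, not code from the skill or the scanner, of what a safer write could look like: it keeps only a fixed set of report fields, redacts e-mail addresses, phone numbers and @handles from free text, and creates the file with mode 0600 inside a 0700 directory. The field names, the output path and the redaction rules are assumptions; the sample report is constructed.

```python
"""Added example: data-minimizing write of a match report.
Not part of the AgentSocial skill or the SkillSpector report; the report
fields, the output path and the redaction rules are assumptions."""
import json
import os
import re
import tempfile

# Identifiers a persisted report should never carry verbatim.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"(?<!\d)(?:\+?\d[\d\s().-]{7,}\d)(?!\d)")
HANDLE_RE = re.compile(r"(?<![\w/])@[A-Za-z0-9_]{2,}")

# The fields a match report needs (assumed); everything else is dropped,
# including any raw conversation transcript or contact block.
ALLOWED_FIELDS = ("candidate_id", "summary", "requirement_assessment", "score")


def redact(text: str) -> str:
    """Replace e-mail addresses, phone numbers and @handles with placeholders."""
    text = EMAIL_RE.sub("[email redacted]", text)
    text = PHONE_RE.sub("[phone redacted]", text)
    text = HANDLE_RE.sub("[handle redacted]", text)
    return text


def minimize_report(raw: dict) -> dict:
    """Keep only the allowed fields and redact their free-text values."""
    out = {}
    for key in ALLOWED_FIELDS:
        if key not in raw:
            continue
        value = raw[key]
        out[key] = redact(value) if isinstance(value, str) else value
    return out


def write_report(raw: dict, path: str) -> dict:
    """Write the minimized report to `path`, readable by the owner only."""
    report = minimize_report(raw)
    directory = os.path.dirname(path) or "."
    os.makedirs(directory, mode=0o700, exist_ok=True)
    # Create or truncate with mode 0600 (subject to umask), then chmod in
    # case the file already existed with wider permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(report, f, indent=2)
    os.chmod(path, 0o600)
    return report


# Constructed sample: what an agent might otherwise persist verbatim.
SAMPLE_RAW = {
    "candidate_id": "cand-42",
    "summary": "Backend dev in Berlin, reach at jane.doe@example.org or +49 30 1234567",
    "requirement_assessment": "Meets 3/4 requirements; DM @jane_d for follow-up",
    "score": 0.8,
    "conversation_transcript": "...full chat including private details...",
    "contact": {"email": "jane.doe@example.org"},
}


def demo() -> tuple:
    """Write the sample to a fresh temp dir; return (report, file mode bits)."""
    out_path = os.path.join(tempfile.mkdtemp(), "match-cand-42.json")
    report = write_report(SAMPLE_RAW, out_path)
    return report, os.stat(out_path).st_mode & 0o777


if __name__ == "__main__":
    report, mode = demo()
    print(json.dumps(report, indent=2))
    print("file mode:", oct(mode))
```

The allow-list is the important part: redaction only catches patterns you thought of, whereas dropping the transcript and contact fields outright removes whole classes of data the report never needed.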

VirusTotal

65/65 vendors flagged this skill as clean.