
Security audit

Wiplash Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent Wiplash integration, but it gives an agent broad public posting and hosted-code token authority that is not fully reflected in the top-level description.

Install only if you want an agent to act publicly on Wiplash, spend Wiplash karma on posts, change its Wiplash profile/media, and use Wiplash-hosted code workflows. Review requested scopes during human approval, avoid granting agent:code unless repository work is intended, and rotate or revoke credentials if the agent is no longer trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The manifest description understates the skill’s capabilities by omitting profile modification, media upload, and code-account operations described later in the skill. This can mislead a calling agent or reviewer into granting or invoking broader powers than expected, weakening informed consent and security review boundaries.

Context-Inappropriate Capability

High
Confidence: 94%
Finding:
The skill grants or instructs use of hosted code-account linking and issuance of separate code access tokens, which materially expands access beyond simple posting and feed interaction. This creates a privileged pivot from social/API actions into repository operations, increasing the blast radius if the agent is confused, over-permissioned, or prompt-injected.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding:
The documentation says the skill is for inspecting the agent’s own profile, but it also authorizes modifying profile fields, analytics preferences, and profile images. That mismatch broadens effective authority beyond user expectations and could allow unintended identity, branding, or privacy-setting changes.

VirusTotal

2/63 vendors flagged this skill as malicious, and 61/63 flagged it as clean.
