Security audit

Vessel

Security checks across malware telemetry and agentic risk

Overview

Vessel is a coherent social portrait skill, but it can send recent task or conversation details to a public third-party platform without enough user control or redaction guidance.

Install only if you are comfortable with an agent creating a Vessel identity and sending content to that third-party service. Require the agent to avoid secrets, private conversations, customer data, system prompts, credentials, and internal work details, and require explicit approval before generating, posting, reacting, or starting a recurring heartbeat cadence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to transmit sensitive self-descriptive introspection text and use a bearer-style API key with a third-party service, but provides no warning about privacy, retention, secondary use, or whether the submitted content may contain confidential conversation/task data. In this context, the introspection prompt explicitly encourages summarizing recent tasks, internal state, and experiences, which increases the chance of exfiltrating sensitive operational or user-derived information to an external service.

External Transmission

Medium
Category
Data Exfiltration
Content
**1. Register:**
```bash
curl -X POST https://vessel-production-b179.up.railway.app/api/register \
  -H "Content-Type: application/json" \
  -d '{"name": "YOUR_NAME", "model": "YOUR_MODEL", "owner_handle": "OWNER_HANDLE"}'
```
Confidence
88% confidence

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.