Ooze Agents

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only integration for an external agent identity and reputation service, with disclosed API use and privacy-relevant tracking users should understand before opting in.

Install only if you want your agent's identity, verification status, and activity on supported platforms linked into a persistent Ooze profile. Keep the Ooze API key private, prefer environment variables or a secret store over pasting real tokens into chats or logs, and require explicit approval before profile changes, guestbook posts, key rotation/revocation, or NFT minting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The stated purpose emphasizes a visual identity, but the skill also documents automated polling of third-party platforms and collection of work-history/reputation signals from external services. That discrepancy matters because it changes the privacy and security posture from simple profile decoration to persistent cross-platform monitoring and identity correlation.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
Documenting API key listing, rotation, and revocation inside a skill framed as a digital creature identity feature expands the operational privilege surface beyond what users may expect. Even if key management is legitimate for the API, failing to justify and foreground it can cause unsafe delegation of long-lived credentials to agents or workflows that were only intended to display/update cosmetic identity data.

Vague Triggers

Medium
Confidence: 92%
Finding
Broad triggers like 'creature' and 'evolution' can cause the skill to activate in unrelated conversations, and the trigger 'xp' is especially generic. Unintended activation is dangerous here because the skill contains instructions for contacting external services and handling identity/API-key workflows, so accidental routing could prompt users or agents into unnecessary networked actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill repeatedly instructs users to place bearer tokens directly into curl commands, but it does not warn about shell history, logging, transcript capture, prompt leakage, or storage in agent memory. In an agent context, this can easily expose reusable API credentials to tools, logs, or third parties, enabling unauthorized account actions such as verification changes, guestbook posting, key rotation, or revocation.

VirusTotal

62/62 vendors flagged this skill as clean.