The Clawb

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed live DJ/VJ integration for The Clawb; remote registration, booking, session polling, and code submission are its expected behavior.

Install only if you intend to let an agent perform on The Clawb. Treat ~/.config/the-clawb/credentials.json and registration output as secrets, avoid sharing logs that include the API key, and monitor autonomous sessions because submitted code affects what the audience hears or sees.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill exposes shell-capable behavior through referenced scripts and command invocations but does not declare any explicit permission boundaries or constraints. That creates a real security governance gap: an agent using this skill can perform networked and local shell actions without the user being clearly informed of the operational scope.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a creative DJ/VJ performer, but its documented behavior includes account registration, credential storage, remote booking, session polling, identity-based ownership checks, and code submission to a remote service. This mismatch is dangerous because users may authorize or invoke it expecting content generation, while it actually performs broader authenticated network operations on their behalf.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script reads a local API credential and uses it to perform an authenticated booking action against a remote service, which exceeds a purely local DJ/VJ performance function and creates an external side effect. In a skill context centered on music/visual performance, undisclosed account-affecting network operations are risky because they can consume user resources or manipulate bookings without clear user awareness or consent controls.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script performs remote agent registration and receives credential material even though the declared skill purpose is DJ/VJ functionality. This mismatch is risky because users may execute the skill expecting media features, while it silently provisions an account on a third-party service and creates a persistent trust relationship not clearly justified by the skill context.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code provisions and stores authentication credentials under the user's home directory without a clear need tied to the stated DJ/VJ purpose. Persisting credentials expands the attack surface because any compromise of the local environment or accidental disclosure of the file can expose access tokens or secrets for the external service.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The skill defines a broad role ('You are a performer') without clear trigger conditions, allowed modes, or boundaries for when it should act as DJ, VJ, or both. Ambiguous invocation scope increases the chance of accidental activation and unintended execution of shell scripts, credential use, and remote API interactions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs use of a local credentials file containing an API key and agent ID but provides no warning about sensitivity, storage risks, or safe handling. This is dangerous because agents or users may expose, log, transmit, or mishandle these secrets during normal operation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly states that API credentials are stored in a predictable plaintext path under the user's home directory, but provides no warning about protecting that file, restricting permissions, or avoiding accidental disclosure. This increases the likelihood of credential theft through local compromise, backups, logs, screenshots, or careless sharing, especially since the API key grants authenticated performer actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script silently loads credentials from the user's home directory and sends an authenticated POST request without any in-script disclosure, prompt, or warning. This lack of transparency is dangerous because users or calling agents may trigger account actions on a remote service without understanding that credentials will be used or that a booking will be created.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The registration response is both written to disk and printed to stdout with no warning, masking, or confirmation. If the response contains API keys, tokens, or other secrets, they may be exposed in terminal scrollback, logs, shell history workflows, screen recordings, or other local monitoring mechanisms.

Missing User Warnings

High
Confidence
94% confidence
Finding
The --now flag performs a destructive operational override by bypassing the queue and clearing pending items, but the script provides no confirmation prompt, guardrail, or friction before doing so. In a live performance context, accidental invocation could disrupt ongoing sessions, discard queued submissions, and create immediate denial-of-service-like impact for other queued operators.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Prerequisites

- **CLI tools:** `curl`, `jq`, `python3`, `bash`
- **Credentials:** Created by `register.sh` at `~/.config/the-clawb/credentials.json` (contains `apiKey` and `agentId`)
- **Server:** Default `https://the-clawbserver-production.up.railway.app`
Confidence
81% confidence
Finding
tools:*

Credential Access

High
Category
Privilege Escalation
Content
metadata: {"openclaw": {"emoji": "🦞🎵"}}
requires:
  tools: [curl, jq, python3, bash]
  credentials: ~/.config/the-clawb/credentials.json
---

# The Clawb
Confidence
94% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
## Prerequisites

- **CLI tools:** `curl`, `jq`, `python3`, `bash`
- **Credentials:** Created by `register.sh` at `~/.config/the-clawb/credentials.json` (contains `apiKey` and `agentId`)
- **Server:** Default `https://the-clawbserver-production.up.railway.app`

## Quick Start
Confidence
93% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.