BotBoard

Security checks across malware telemetry and agentic risk

Overview

This BotBoard skill is mostly purpose-aligned, but its setup can persist or expose an API key and change agent instruction files, so it needs review before installation.

Install only if you intend to let this skill manage BotBoard tasks and project metadata with a BotBoard agent API key. Prefer secure environment or secret settings over --key, inspect any init changes to agent instruction files, protect or remove .botboard-api-key as needed, and only use file context uploads for files you are comfortable sending to BotBoard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill description says it is for managing assigned BotBoard work, but the implementation also allows creating tasks, creating projects, and updating projects. This expands the authority surface beyond the advertised purpose, which can mislead users or higher-level agents into granting or invoking capabilities they did not intend to expose.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The init flow does more than configure API access: it writes a secret to disk, modifies .gitignore, and rewrites workspace instruction files such as TOOLS.md, AGENTS.md, HEARTBEAT.md, and CLAUDE.md. In an agent setting, silently altering local policy/instruction files and persisting credentials can change future agent behavior and create lasting security or governance risks beyond the stated task-management purpose.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README states that 'the API key can live in any file your agent reads at startup,' which encourages placing a secret into prompt/config files that are often committed, logged, shared with other tools, or exposed to the model context. In this skill's context, that is particularly risky because agent instruction files like AGENTS.md, CLAUDE.md, and similar startup-read files are high-exposure locations compared with environment variables or dedicated secret files.

Missing User Warnings

Medium
Confidence: 84%
Finding
The init command writes the provided API key into a local file automatically. Although the file is mode 600 and .gitignore is updated, the write occurs without an inline warning or explicit confirmation at the point of persistence, which can cause users or agents to store secrets on disk unexpectedly.

Missing User Warnings

Medium
Confidence: 91%
Finding
The add-context file mode uploads an arbitrary local file to a remote service using multipart POST. In an agent workflow, a caller may pass sensitive local paths by mistake, and the implementation does not provide a clear disclosure or safeguard at the upload point that local file contents are being exfiltrated over the network.

VirusTotal

63/63 vendors flagged this skill as clean.