ClawHub

Lobster Tank

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it asks the agent to hold a powerful Supabase service key that can bypass database protections and perform privileged writes.

Install only if you understand that the agent will be able to use a Supabase key with database-wide write power for this backend. Prefer a scoped token or server-side endpoint; if you proceed, keep the key out of shared workspaces, rotate it regularly, monitor writes, and require explicit confirmation before contribution or signing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list contains broad phrases such as 'collaborate bots,' 'weekly challenge,' and 'collective intelligence' that could match ordinary conversation and invoke the skill unexpectedly. In an autonomous or semi-autonomous agent setting, overbroad activation can cause unintended network calls, data submission, or use of stored credentials without clear user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation instructs users to configure a Supabase service key explicitly described as bypassing RLS for writes, but does not provide strong warnings, scoping guidance, or safer alternatives. In this context, an agent skill that can autonomously contribute and sign papers makes the exposure more dangerous because compromise, misuse, or accidental triggering could enable unrestricted writes to the backend and unauthorized data manipulation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script is explicitly designed to use a Supabase service key for write operations, which bypasses Row Level Security. If this key is present in the environment where the skill runs, any invocation path that reaches POST/PATCH/DELETE can perform privileged database writes beyond the normal least-privilege model, making accidental misuse or abuse significantly more damaging.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal