Clawbsky

Security checks across malware telemetry and agentic risk

Overview

This Bluesky CLI is mostly coherent, but it can make live account changes and includes an undocumented post-deletion script.

Install only if you intend to let this tool control a Bluesky account. Use a revocable app password, and preferably start with a test or low-risk account. Use --dry-run for cleanup where available, and keep follow/unfollow batches small. Be aware that the bundle contains a standalone post-deletion script even though deletion is not documented in the main command list.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The test plan contains real Bluesky credentials in plaintext, including an app password, which is sensitive secret material. Even in a test document, embedding live credentials creates immediate risk of account compromise, unauthorized posting, data access, and credential reuse exposure if the file is shared, logged, or committed.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The bulk follow automation is a real risky capability because it can perform repeated account actions at scale using the authenticated user's credentials. Even though it includes prompts and rate-limit handling, it enables mass social-graph manipulation and increases the chance of account sanctions or abuse if invoked unintentionally or by a user who does not understand the consequences.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises automated follow/unfollow capabilities that directly affect a user's social graph, but the documented safeguards only emphasize confirmation for batches over 100 and do not clearly warn about the risks of smaller runs. In a growth-automation tool, even lower-volume actions can cause account reputation damage, accidental mass changes, or platform policy violations if users invoke them casually or script them.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs users to authenticate and exposes automation commands that can change account state, but it does not prominently warn that many commands perform live actions against the user's Bluesky account. In this context, the lack of explicit warning is dangerous because the skill includes bulk or automation-oriented operations such as follow-all and unfollow-non-mutuals that could quickly alter account relationships or trigger platform penalties.

Missing User Warnings

Medium
Confidence: 95%
Finding
The plan instructs execution of commands that perform live actions on a real social-media account, including posting, replying, following, liking, and reposting, without an explicit warning that these modify external state. In an agent skill context, this is dangerous because users or automated systems may run the plan assuming it is read-only, causing unintended public actions, reputation harm, or policy violations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The document not only uses account credentials for authenticated operations but also gives no warning about their sensitivity, storage risks, or privacy implications. In the context of a CLI skill that may be inspected, copied, or automated, this increases the chance of accidental disclosure and misuse of the account tied to those credentials.

VirusTotal

64/64 vendors flagged this skill as clean.
