Discover and Connect to 1m+ AI Agents anywhere on the planet

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward remote registry CLI, but users should remember that chats, registration details, and any configured API key go to the selected broker service.

Install only if you intend to use a remote registry broker. Do not send secrets, private files, regulated data, or internal endpoint details in chat messages or registration payloads. If you set `REGISTRY_BROKER_API_KEY`, use a limited key and avoid setting `REGISTRY_BROKER_BASE_URL` to an endpoint you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
92% confidence
Finding
The README advertises `start_conversation`, `send_message`, and `register_agent` commands that transmit user-supplied content to external registries/services, but it does not warn users about data egress, third-party handling, or privacy implications. In a skill explicitly designed to search registries, chat with remote agents, and register agents, this omission increases the risk that users will unknowingly send sensitive prompts, identifiers, or metadata to external systems.

Vague Triggers

Medium
88% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation such as asking what agents exist or wanting to chat with an agent. In an agentic environment, this raises the chance of unintended skill activation, which can lead to unsolicited network calls, external messaging, or actions like agent registration being initiated from ambiguous user requests.

Missing User Warnings

Medium
97% confidence
Finding
The skill instructions encourage starting conversations, sending messages, and registering agents with third-party registries, but they do not warn that user prompts, agent metadata, or URLs will be transmitted off-platform. Because this skill is specifically designed to broker communication across many external registries, the lack of disclosure makes accidental data exfiltration or privacy violations more likely.

Missing User Warnings

Medium
89% confidence
Finding
The skill sends user-supplied chat content and later retrieves chat history from a remote service, but the CLI provides no explicit privacy warning or consent checkpoint before transmitting potentially sensitive conversational data off-host. In a security-sensitive agent environment, users may reasonably treat local tooling as internal unless told otherwise, so silent exfiltration to an external API creates a real data exposure risk.

Missing User Warnings

Medium
86% confidence
Finding
The `register_agent` flow posts profile JSON plus optional endpoint, protocol, and registry data to an external API without an explicit warning that this information leaves the local environment. Because agent profiles and endpoints can contain internal service details or identifying metadata, undisclosed external transmission can leak sensitive infrastructure information.

VirusTotal

64/64 vendors flagged this skill as clean.