1claw

Security checks across malware telemetry and agentic risk

Overview

1Claw is a disclosed secret-vault integration with powerful but purpose-aligned vault, sharing, and transaction-signing features that should be installed with tightly scoped access.

Install this only if you want an agent to manage 1Claw vault secrets or HSM-backed transaction signing. Use a dedicated agent API key, bind it to the intended vault, grant only needed paths and actions, require explicit approval for sharing, deletion, policy changes, and transaction broadcasts, and review or pin the external @1claw/mcp package before giving it access to important secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding: The examples introduce transaction simulation and on-chain broadcast/signing capabilities that are unrelated to the stated purpose of HSM-backed secret management. Expanding a secret vault skill into cryptocurrency transaction execution materially increases the attack surface and could enable asset movement if an attacker can influence prompts or tool invocation.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: Documenting the ability to sign and broadcast cryptocurrency transactions inside a secret-management skill is unjustified and dangerous because it normalizes high-risk financial actions under a tool users may trust for passive secret storage. In an agent setting, this can turn prompt manipulation or mistaken authorization into direct irreversible transfer of digital assets.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The manifest presents the skill as narrowly focused on secret management, but the documented capability surface is much broader, including policy creation, secret sharing, transaction signing, billing, org management, and LLM proxying. This scope mismatch is dangerous because operators may approve or install the skill under a narrower trust assumption than the actual permissions and behaviors warrant.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: Shroud introduces broad LLM traffic inspection, filtering, threat logging, provider restrictions, and policy enforcement capabilities that materially exceed a simple vault-access skill. In this context, the hidden expansion of authority over model traffic and prompt/response content increases data exposure and control surface beyond what a user would expect from a secret-management integration.

Context-Inappropriate Capability

Severity: Low
Confidence: 82%
Finding: Billing and subscription management are unrelated to the stated purpose of securely storing and retrieving secrets. Even without immediate exploit code, bundling these capabilities into the same skill broadens the attack and misuse surface and can mislead users about what operational authority they are granting.

Context-Inappropriate Capability

Severity: Low
Confidence: 82%
Finding: Org member and account management exceed the skill's declared secret-management scope and could allow administrative actions unrelated to vault access. This creates a principle-of-least-privilege violation and raises the risk that a user enables organizational control features unintentionally.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The example encourages broad enumeration of all accessible secrets and summarizing them back to the user without discussing least privilege, sensitivity, or verification of requester identity. In shared-agent or compromised-session scenarios, inventory disclosure can expose the existence and type of valuable credentials and facilitate follow-on attacks.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding: The enrollment example instructs the user to place agent credentials into environment variables without warning about secure handling, storage scope, rotation, or risks of leakage through logs, shells, or downstream tools. Because these credentials grant vault access, poor handling could compromise all secrets accessible to the agent.

VirusTotal

66 of 66 vendors reported this skill as clean.
