ClawHub

Feelgoodbot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed macOS security setup that installs a monitoring daemon and documents TOTP step-up auth, but users should review its local service changes before running it.

Install only if you trust the upstream feelgoodbot project and want persistent local monitoring. Before running setup, review that it installs an unpinned Go binary, creates a baseline, enables Clawdbot webhooks, stores a local webhook secret, restarts the gateway, and starts a daemon. Run the documented TOTP initialization and protected-action configuration separately if you expect step-up authentication to be active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill claims to set up both file integrity monitoring and TOTP step-up authentication, but the actionable setup instructions also enable and configure Clawdbot webhooks, generate a webhook token, and restart the gateway. That expands the skill's behavior into another system and changes local service configuration, which is security-relevant and not clearly disclosed in the skill description. In a security-focused skill, hidden or under-described integration steps are especially risky because users may trust the skill to make only narrowly scoped hardening changes.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script sets up Clawdbot webhook integration even though the declared skill purpose is limited to feelgoodbot integrity monitoring and TOTP step-up authentication. This scope mismatch is dangerous because it grants the script authority over another runtime component and creates an undeclared trust path via a webhook secret, increasing the attack surface and violating user expectations about what the skill will modify.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill description promises TOTP step-up authentication, but the script never configures any OTP/TOTP mechanism. This is dangerous because users may rely on a security control that was never actually enabled, creating a false sense of protection for sensitive actions and potentially leaving privileged workflows unguarded.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script changes Clawdbot runtime configuration, generates a token, and restarts the gateway despite that behavior not being justified by the stated purpose of the skill. Modifying an external service in setup code can disrupt existing deployments, alter security-sensitive settings, and create unintended trust relationships that an attacker could later abuse.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The manual reset instructions tell the user to delete authentication material and session state directly from disk. Although there is a brief note about losing access, the guidance bypasses the safer authenticated reset flow and does not sufficiently emphasize the security and recovery consequences of removing TOTP state by hand. In an authentication skill, instructions that normalize deleting auth files can weaken protections or leave the system in an inconsistent state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal