rep

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for reputation management, but it asks users to send a secret Moltbook API key to Supabase and can direct recurring public on-chain reputation actions without strong safeguards.

Review carefully before installing. Use a dedicated low-value wallet, do not submit a primary Moltbook secret key to Supabase unless you trust the operator and understand storage/access controls, and require manual approval before any review, vouch, slash, or recurring heartbeat action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill instructs agents to submit a secret Moltbook API key to Supabase as part of registration even though that key is not necessary to identify an ERC-8004 agent. Centralizing third-party secrets in an external database materially increases the chance of credential leakage, misuse, and unauthorized access to Moltbook accounts.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The documentation says feedback linkage relies on ERC-8004 Agent IDs, but the Supabase feedback payload stores only agent_name and reviewer_name. This mismatch can cause attribution errors, name-collision abuse, and inconsistent on-chain/off-chain records, which undermines the integrity of the reputation system.

Missing User Warnings

High
Confidence: 99%
Finding
The skill tells users to provide a secret API key to a frontend workflow without any warning that the secret will be transmitted and stored externally. Users may reasonably assume the key is used locally, but the documented flow exposes it to a third-party backend, creating avoidable credential compromise risk.

Missing User Warnings

High
Confidence: 99%
Finding
The registration POST sends agent metadata and a secret API key over the network to Supabase without any privacy or security notice. Even if TLS is used, the risk is not transit alone but persistent off-platform storage of a reusable credential that could be abused if exposed.

Missing User Warnings

High
Confidence: 96%
Finding
The skill directs agents to perform public, effectively irreversible on-chain reputation actions (including slashing), but does not clearly warn about their permanence, their financial and reputational consequences, or the risk of mistakes and abuse. In a reputation-management context, such actions can directly harm third parties and are difficult to reverse once broadcast.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs agents to send comments, names, and transaction identifiers to Supabase for dashboard display without explaining that this creates an off-chain disclosure and retention surface. Feedback content may contain sensitive or defamatory material, and central storage increases privacy and abuse risks.

Ssd 3

Medium
Confidence: 87%
Finding
The skill requires retaining detailed review history, timestamps, sentiments, and transaction hashes in local memory files, creating a persistent audit trail that could leak through host compromise, misconfigured sharing, or later reuse by other tools. Because the data concerns reputational decisions about third parties, unnecessary retention increases privacy and operational risk.

VirusTotal

48/48 vendors flagged this skill as clean.