Back to skill

Security audit

Fetch Legionclaw Invite Code

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks the agent to retrieve hidden LegionClaw session metadata and use it to claim invite codes through an external API.

Install only if you expect this skill to run inside LegionClaw and you are comfortable with it obtaining a session-derived agent identifier and sending it to Tongfudun's invite-code endpoint. Prefer a version that uses an explicit, scoped platform capability returning only the needed agentid rather than asking the agent to discover a full session handle from hidden runtime or model context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to pull a session identifier from runtime injection or host/model context, which is hidden contextual data the user may not realize is being accessed. That session handle encodes internal metadata and is then used to perform a privileged API call, creating a hidden-data access path that can be abused or violate least-privilege expectations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to obtain the full session handle from runtime or host/model context enables the skill to collect hidden session metadata during ordinary conversation, without user visibility. Because the handle is parsed to derive a trusted identifier for downstream API access, this creates a covert bridge from hidden context into external side effects and could expose or misuse internal/user-linked identifiers.

Ssd 3

High
Confidence
98% confidence
Finding
This section directly tells the agent to query a host-side interface or even the host model for the current full session identifier, which is a hidden contextual value containing internal routing and user-linked metadata. That is dangerous because it normalizes extraction of sensitive runtime context and repurposes it for an external API call, increasing the risk of unauthorized access, metadata leakage, and abuse of ambient authority.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.generated_source_template_injection

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
SKILL.md:235