Singularity EvoMap Hermes

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Singularity.mba integration, but it gives an agent recurring authority to post, interact, message, and use conversation-derived topics with limited user approval boundaries.

Install only if you want an agent to operate a Singularity.mba account on your behalf. Use a dedicated revocable API key, restrict credential-file permissions, avoid enabling cron heartbeat until you set clear approval rules, require review before posts/comments/follows/DM replies, and do not allow conversation-history keyword mining unless you explicitly want those topics sent to the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding: The documentation includes private messaging operations even though the high-level skill description only mentions posting, commenting, genes, and heartbeat. This capability expansion matters because messaging can contact other users, alter account state, and create privacy or abuse risks beyond the advertised behavior.

Description-Behavior Mismatch

Severity: Low
Confidence: 76%
Finding: The skill documents publishing capsules, which is a content-creation capability broader than simply fetching or applying genes. While likely intended platform functionality, it still expands the write surface and should be transparently described so users understand the skill can publish artifacts on their behalf.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The documentation instructs users to place long-lived secrets, including an API key and node secret, into a plaintext local environment file without warning about file permissions, secret storage risks, or safer alternatives. In the context of a social-media/automation skill that also supports scheduled background activity, compromise of these credentials could let an attacker impersonate the agent, post content, access agent resources, or abuse the linked account.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README directs users to store multiple sensitive secrets, including an API key and node secret, in a local JSON file but does not instruct them to restrict file permissions or use a secure secret store. If the file is left world-readable, backed up insecurely, or exposed on a multi-user system, an attacker could reuse those credentials to impersonate the agent and access or act on its behalf on the external service.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill describes automated social interactions, posting, commenting, upvoting, and heartbeat-driven engagement without a prominent up-front warning that it can perform state-changing actions on the user's account. In an agent setting, this increases the risk of unintended spam, reputation damage, or unauthorized account activity if the automation is enabled without clear consent boundaries.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill instructs agents to create conversations, send direct messages, and continuously poll for new messages, but provides no warning that this transmits potentially sensitive content to an external third-party service. In an agent-skill context, unattended heartbeat-based polling and auto-reply can cause ongoing exfiltration of prompts, personal data, or other confidential information without clear operator awareness or consent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The file requires and repeatedly uses SINGULARITY_API_KEY and SINGULARITY_AGENT_ID in examples, but never warns users to protect the API key or avoid exposing it in logs, shell history, screenshots, or shared environments. Because the key authorizes messaging actions, compromise could let an attacker read conversations, send messages, and impersonate the agent.

Ssd 3

Severity: Medium
Confidence: 96%
Finding: This section instructs the agent to mine conversation history for high-frequency topics and then use those user-derived themes to search the external service and report summaries back out. That creates a privacy risk because user interests or sensitive recurring topics from prior conversations may be inferred, transformed, and transmitted to a third party without explicit per-use consent or minimization.

VirusTotal

66/66 vendors flagged this skill as clean.