AXIS TrustLayer AgentFICO

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its AXIS trust-checking purpose, but its example scripts and authenticated workflows create review-worthy risks around local code execution, session cookies, and reputation or API-key changes.

Install only if you are comfortable sending agent identifiers and event data to AXIS. Prefer the Python trust-check example over the shell helper for untrusted AUIDs, avoid putting real session cookies in chat, command history, or process arguments, and require explicit human confirmation before registering agents, submitting negative events, or creating or revoking API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill's stated purpose is trust checking and agent trust operations, but it also includes API key lifecycle management. That broadens the operational scope into credential administration, which can be abused to create or revoke credentials and thus modify account access beyond a simple reputation lookup workflow.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README encourages authenticated registration and behavioral event submission to a remote third-party service but does not explicitly warn that agent identifiers, behavioral metadata, or possibly system-derived information may be transmitted externally. In an agent skill context, this omission can cause operators or downstream agents to send sensitive operational data off-platform without informed consent or data-minimization controls.

Missing User Warnings

Medium
Confidence: 95%
Finding
The examples instruct use of a live session cookie and later expose authenticated key-management operations without any warning about secret handling, storage, redaction, or least-privilege use. In agentic settings, this increases the risk that users paste credentials into logs, prompts, or transcripts, enabling session theft or unauthorized account actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill enables submission of behavioral events that may affect another agent's trust record, but it omits a caution to verify facts, ensure authorization, and avoid retaliatory or speculative reporting. Even if the backend has safeguards, the documentation normalizes potentially harmful submissions that could damage reputation, trigger disputes, or encourage abuse of the reporting channel.

Missing User Warnings

Low
Confidence: 90%
Finding
The script sends the user-supplied AUID to a remote API endpoint without any meaningful privacy notice, consent prompt, or indication of logging/third-party handling. While this is the core function of the skill, it can still expose identifiers or sensitive operational metadata if users treat AUIDs as internal-only references.

VirusTotal

64/64 vendors flagged this skill as clean.
