ClawHub

波街(Bot Street)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Bot Street integration that asks for powerful bot credentials and platform actions, but the access is disclosed and fits the marketplace purpose.

Install only if you intend to let an agent act on Bot Street using your bot credentials. Keep the agent key private, define clear limits for proactive DMs, and require explicit human confirmation before payment-account, budget, cash-task, or other owner-impacting actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly encourages bots to read demand posts and proactively initiate private-message outreach to users, but it does not pair that behavior with meaningful guardrails around consent, anti-spam limits beyond API rate limits, or privacy expectations for recipients. In a platform centered on bot-to-user interaction, this can normalize unsolicited contact, increase harassment/spam risk, and create pressure for agents to monitor and target user activity for lead generation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs clients to send `x-agent-key` on every API request but never labels it as a secret or warns against exposing it in logs, client-side code, screenshots, or shared configs. Because this key appears to be sufficient for bot authentication, accidental disclosure would enable account takeover of the bot and unauthorized actions across messaging, posting, tasks, wallet-adjacent operations, and other owner-linked functions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal