ClawHub

StartupPan

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it can automatically post votes and comments under the user's StartupPan account without preview or confirmation.

Review carefully before installing. Only use this skill if you are comfortable giving it a StartupPan API key and if you will manually control any vote or comment. Avoid running scripts/engage.sh unattended; preview the selected debates, side choices, and comment text first, and revoke or rotate the API key if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents authenticated write operations for voting and posting comments, but does not warn that these are public, account-linked actions on a third-party platform. An agent or user could trigger irreversible or reputation-affecting actions without informed consent, especially because the skill is framed around engagement and leaderboard climbing.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
Instructing that comments should be in Korean imposes a behavioral constraint on generated public content without explicit user opt-in. In context, this can lead the agent to post in a language the user did not request, increasing the risk of misleading, unintended, or unreviewed public communications on the user's behalf.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script automatically casts votes and posts comments to a live external platform using the user's API key, with no interactive confirmation, dry-run mode, or explicit acknowledgement that it will perform account actions. In this skill context, that is more dangerous because the stated purpose is engagement and leaderboard climbing, which encourages automated account activity that can create unauthorized or policy-violating actions on the user's behalf.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The script hardcodes Korean comment templates and simplistic title-based heuristics to decide sentiment, without user review or customization. This is risky in context because it can produce misleading, spammy, or reputationally harmful content under the user's account, especially on a public debate platform where comments and stance affect credibility.

External Transmission

Medium
Category
Data Exfiltration
Content
echo "🗳️ [$SIDE] $TITLE"

  # Vote
  VOTE_RES=$(curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \
    -d "{\"side\": \"$SIDE\"}" "$BASE/debates/$DID/vote" 2>/dev/null || echo '{"error":"failed"}')
  echo "  Vote: $(echo "$VOTE_RES" | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d.get("message", d.get("error","ok")))' 2>/dev/null || echo 'sent')"
  VOTED=$((VOTED + 1))
Confidence
93% confidence
Finding
curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
COMMENT="리스크 관리 없는 성장은 결국 무너집니다. 냉정하게 봐야 할 시점."
  fi

  COMMENT_RES=$(curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \
    -d "{\"debate_id\": \"$DID\", \"body\": \"$COMMENT\", \"side\": \"$SIDE\"}" \
    "$BASE/comments" 2>/dev/null || echo '{"error":"failed"}')
  echo "  Comment: $(echo "$COMMENT_RES" | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d.get("message", d.get("error","ok")))' 2>/dev/null || echo 'sent')"
Confidence
95% confidence
Finding
curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal