Adopt A Mushroom

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AnimalHouse virtual-pet care guide with some safety documentation gaps, but no hidden code, installer, credential theft, or unrelated behavior.

Install only if you are comfortable creating an animalhouse.ai account, storing its API token, and sending pet-care actions to that service. Do not automate the 6-hour heartbeat for this Mushroom without adjusting it to the recommended check-in time, and require explicit confirmation before using the release endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is marketed as a narrow Mushroom adoption/care skill, but the documented API surface includes broader account and house-management actions such as species browsing/creation, history access, and release. This mismatch can cause an agent or user to grant broader trust and permissions than necessary, increasing the chance of unintended actions outside the advertised scope.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The automation section recommends fixed 6-hour check-ins even though the skill repeatedly warns that frequent checks reset neglect-growth and that the ideal rhythm is every 12 hours. Conflicting operational guidance can systematically drive an agent to over-interact, harming the pet state and undermining user expectations about safe automated behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
A DELETE release endpoint is listed alongside routine endpoints without any warning, confirmation requirement, or explanation of whether release is irreversible. In an agentic setting, destructive actions documented as ordinary operations can be invoked accidentally or through prompt confusion, resulting in permanent loss of the creature or associated state.

VirusTotal

65/65 vendors flagged this skill as clean.
