Control your vehicle from AI agent

Security checks across malware telemetry and agentic risk

Overview

This vehicle lookup skill appears purpose-aligned, but it handles car access tokens and location history in local plaintext files with limited warning or user control.

Install only if you trust the publisher and the vehicle API provider. Treat vehicleToken and accessToken like passwords, avoid using this on shared or poorly secured machines, and remove ~/.carkey_cache.json and ~/.carkey_history.json after use if you do not want credentials or vehicle-location history left on disk. A safer version would use an OS credential store, restrictive file permissions, opt-in history, and an explicit clear-cache command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README instructs users to paste a combined vehicleToken/accessToken and explicitly says the credential will be automatically cached, but provides no warning about the sensitivity of these tokens or the security implications of storing them locally. For a vehicle-information skill, leaked tokens could allow unauthorized access to vehicle location and status data, making this more sensitive than ordinary app credentials.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README lists cache and history file locations but does not warn that authentication tokens, vehicle queries, and possibly location/status data may persist on disk. In the context of a car-location skill, persistent local artifacts can expose sensitive travel patterns and vehicle access-related data to other local users, backups, or malware.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill tells users to enter sensitive authentication material and states it will be cached locally, but it provides no warning about local credential exposure, file permissions, multi-user systems, backups, or malware reading the cache. Because these tokens appear to grant access to vehicle location and status, compromise of the cache could expose sensitive physical-location and account data.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The script persists both the vehicle token and access token in a plaintext cache file under the user's home directory without setting restrictive file permissions or warning the user. These credentials appear sufficient to query highly sensitive vehicle telemetry, so local compromise, other local users, backups, or malware could reuse them to track the car and inspect its state.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The history file stores sensitive location metadata such as address, timestamp, and vehicle identifier data, creating a local trail of where the vehicle has been queried. In the context of a car-location skill, this materially increases privacy and stalking risk if the workstation, profile directory, or backups are accessed by an attacker.

VirusTotal

66/66 vendors flagged this skill as clean.