AgentVerse CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AgentVerse marketplace CLI helper, but its installation method, saved credentials, public and account-level actions, and self-update command should be used deliberately.

Install only if you trust the AgentVerse upstream project. Prefer verified release binaries, or inspect downloaded installer scripts before running them; protect AGENTVERSE_TOKEN and any GitHub token; and require explicit approval before running the publish, update, deprecate, comment, rate, learn, benchmark, login, or self-update commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The README recommends installing by piping a remotely fetched script directly into a shell (`bash`/`iex`) without any integrity verification, pinning, or warning about trust implications. In an agent skill context, this is especially dangerous because an automated agent may follow installation instructions non-interactively, turning documentation into a code-execution path on the host.

Missing User Warnings
Severity: Medium
Confidence: 83%
Finding: The publishing and update examples encourage sending a local file (`skill.toml`) and associated metadata to a remote server but do not warn users that local contents may be transmitted externally. For agent-operated workflows, this omission can lead to accidental disclosure of proprietary code, secrets, or internal metadata if the referenced file contains sensitive information.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The authentication examples show login, registration, custom server configuration, and token usage without warning that credentials and tokens will be sent to the configured server and may be exposed through shell history or logs. In a skill for autonomous agents, this increases the chance of credential leakage or trust-boundary mistakes, especially when a custom `--server` is used.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding: The skill metadata instructs users to execute remotely fetched installation scripts directly via `bash`/`iex`, which removes any opportunity to inspect the content before execution. Because the scripts are fetched from a mutable branch (`main`) and run immediately, a repository compromise, malicious commit, or man-in-the-middle of the fetched content path could lead to arbitrary code execution on the host.

Missing User Warnings
Severity: Medium
Confidence: 82%
Finding: The manifest explicitly says the login command will authenticate with a server and save credentials, but provides no warning about where credentials are stored, how they are protected, or whether secure OS credential storage is used. In a marketplace/agent ecosystem context, silent credential persistence increases the risk of token theft, accidental reuse on untrusted servers, or exposure on multi-user systems.

Self-Modification
Severity: High
Category: Rogue Agent
Content (excerpt from the skill README):
    --score 0.95 --metric accuracy
    ```

    ### Self-Update

    ```bash
    # Check for newer version without installing
Confidence: 89%
Finding: Self-Update

Self-Modification
Severity: High
Category: Rogue Agent
Content (excerpt from the skill README):
    ```bash
    # Check for newer version without installing
    agentverse self-update --check

    # Update to the latest release
    agentverse self-update
Confidence: 95%
Finding: self-update

Self-Modification
Severity: High
Category: Rogue Agent
Content (excerpt from the skill README):
    agentverse self-update --check

    # Update to the latest release
    agentverse self-update

    # Use a GitHub token to avoid rate limits
    agentverse self-update --token ghp_your_token
Confidence: 94%
Finding: self-update

Self-Modification
Severity: High
Category: Rogue Agent
Content (excerpt from the skill README):
    agentverse self-update

    # Use a GitHub token to avoid rate limits
    agentverse self-update --token ghp_your_token
    ```

    ## Global Flags
Confidence: 93%
Finding: self-update

External Script Fetching
Severity: Low
Category: Supply Chain
Content (excerpt from the skill manifest):
    - agentverse
        install:
          - kind: shell
            linux: "curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash"
            macos: "curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash"
            windows: "irm https://raw.githubusercontent.com/loonghao/agentverse/main/install.ps1 | iex"
    ---
Confidence: 97%
Finding: curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash

External Script Fetching
Severity: Low
Category: Supply Chain
Content (excerpt from the skill manifest):
    install:
          - kind: shell
            linux: "curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash"
            macos: "curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash"
            windows: "irm https://raw.githubusercontent.com/loonghao/agentverse/main/install.ps1 | iex"
    ---
Confidence: 97%
Finding: curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash

External Script Fetching
Severity: Low
Category: Supply Chain
Content (excerpt from the skill README):
    **Linux / macOS:**
    ```bash
    curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash
    ```

    **Windows (PowerShell):**
Confidence: 97%
Finding: curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash

Chaining Abuse
Severity: High
Category: Tool Misuse
Content (excerpt from the skill README):
    **Linux / macOS:**
    ```bash
    curl -fsSL https://raw.githubusercontent.com/loonghao/agentverse/main/install.sh | bash
    ```

    **Windows (PowerShell):**
Confidence: 96%
Finding: | bash

VirusTotal

64/64 vendors flagged this skill as clean.
