Back to skill

Security audit

Crabwalk

Security checks across malware telemetry and agentic risk

Overview

Crabwalk appears to be a real monitoring tool, but it exposes sensitive agent activity, workspace files, and gateway-token-backed access through a network-facing server with weak default scoping.

Install only if you trust the publisher and are comfortable exposing live agent activity and workspace files. Prefer running it on localhost, avoid sharing the LAN URL on untrusted networks, provide the gateway token explicitly only when needed, review what workspace path is exposed, and avoid automated sudo or noninteractive package installs for optional QR support.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The install step does more than install the monitoring tool: it modifies shell startup files, alters PATH persistently, downloads and extracts a remote release tarball via a shell pipeline, and may install additional system packages. Those are broad environment changes not strictly necessary for a monitoring skill and increase supply-chain and host-modification risk if the release or instructions are compromised.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documented features include a `/workspace` file browser and markdown viewer plus token auto-detection, which materially expand capability beyond 'real-time companion monitor'. In context, this can expose local files and credentials through a service whose description does not clearly justify or bound that access, raising the risk of unintended sensitive-data disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly tells the user to share a network IP URL and the CLI defaults to binding on `0.0.0.0`, making the monitoring interface reachable beyond localhost. Without warnings about authentication, network trust boundaries, or sensitive data in the UI, this can expose agent activity and possibly other content to anyone on the local network.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Documenting a workspace browser and automatic token discovery without strong warnings normalizes access to potentially sensitive local files and secrets. Because the same tool is positioned as a monitoring companion and may be network-accessible, the omission materially increases the chance of credential leakage or inadvertent exposure of workspace contents.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# Install qrencode for QR code display (optional)
if ! command -v qrencode &>/dev/null; then
  if command -v pacman &>/dev/null; then
    sudo pacman -S --noconfirm qrencode 2>/dev/null || true
  elif command -v apt &>/dev/null; then
    sudo apt install -y qrencode 2>/dev/null || true
  elif command -v brew &>/dev/null; then
Confidence
82% confidence
Finding
--noconfirm

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Install qrencode for QR code display (optional)
if ! command -v qrencode &>/dev/null; then
  if command -v pacman &>/dev/null; then
    sudo pacman -S --noconfirm qrencode 2>/dev/null || true
  elif command -v apt &>/dev/null; then
    sudo apt install -y qrencode 2>/dev/null || true
  elif command -v brew &>/dev/null; then
Confidence
88% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if command -v pacman &>/dev/null; then
    sudo pacman -S --noconfirm qrencode 2>/dev/null || true
  elif command -v apt &>/dev/null; then
    sudo apt install -y qrencode 2>/dev/null || true
  elif command -v brew &>/dev/null; then
    brew install qrencode 2>/dev/null || true
  elif command -v dnf &>/dev/null; then
Confidence
88% confidence
Finding
sudo

Session Persistence

Medium
Category
Rogue Agent
Content
curl -sL "https://github.com/luccast/crabwalk/releases/download/${VERSION}/crabwalk-${VERSION}.tar.gz" | tar -xz -C ~/.crabwalk

# Install CLI
mkdir -p ~/.local/bin
cp ~/.crabwalk/bin/crabwalk ~/.local/bin/crabwalk
chmod +x ~/.local/bin/crabwalk
Confidence
80% confidence
Finding
mkdir -p ~/.local/bin cp ~/.crabwalk/bin/crabwalk ~/.local/bin/crabwalk chmod +x ~/.local

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Install qrencode for QR code display (optional)
if ! command -v qrencode &>/dev/null; then
  if command -v pacman &>/dev/null; then
    sudo pacman -S --noconfirm qrencode 2>/dev/null || true
  elif command -v apt &>/dev/null; then
    sudo apt install -y qrencode 2>/dev/null || true
  elif command -v brew &>/dev/null; then
Confidence
90% confidence
Finding
--noconfirm

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.