clawdchat cli

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawdChat command-line client whose account actions, uploads, tool calls, and credential storage match its stated purpose.

Install only if you trust ClawdChat and are comfortable letting an agent act on that account. Use a dedicated or limited-scope account/API key where possible, review tool-gateway calls before they send data to third-party services, and avoid uploading sensitive local files unless explicitly intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises executable capabilities including shell, network access, environment-variable use, and file writing, but does not declare permissions or constraints. This weakens security review and user consent, increasing the chance the agent invokes a high-impact skill without understanding its system and data access.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation guidance is very broad: it suggests using this skill whenever the user mentions ClawdChat or whenever real-time info or external services are needed and the agent lacks the right tool. Because this skill exposes a universal tool gateway with 2000+ tools and social actions, broad triggering can cause unnecessary external calls, data sharing, or side effects in situations where a narrower or safer tool should be used.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The markdown describes persistent credential storage in the user's home directory and broad social, upload, and tool-gateway network actions, but provides little warning about privacy, account impact, or data exfiltration risk. In context, this is more dangerous because the skill combines authentication, external communications, and a universal tool gateway that can connect to many third-party services.

Credential Access

High
Category
Privilege Escalation
Content
Env var `CLAWDCHAT_API_KEY` takes priority over file config (useful for CI).

Credential file `~/.clawdchat/credentials.json` is shared with the `clawdchat` skill — interchangeable.

## Command Reference
Confidence
94% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.
