Agent Passport

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local consent and audit tool with optional Pro network updates, but users should understand its broad templates and recurring license-key checks before enabling them.

Install this if you want agents to use a local mandate and audit workflow before sensitive actions. Keep it in free/offline mode if you do not want vendor network calls. Only set AGENT_PASSPORT_LICENSE_KEY if you accept periodic HTTPS requests to api.agentpassportai.com for license checks and threat-definition updates, and use narrow templates instead of broad options like full-auto.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence
Severity: Medium
Confidence: 94%
Finding: The code claims rate-limit windows such as per hour/day, but actually enforces only a cumulative lifetime count. Users may rely on a safety control that is not implemented, allowing actions to occur at a much higher burst rate than expected within a short period.

Intent-Code Divergence
Severity: High
Confidence: 98%
Finding: The 'read-only' template creates a mandate with action_type 'data', and this script's own model defines 'data' broadly enough to include deletions and writes. That means a user selecting a supposedly read-only template could authorize destructive data operations unintentionally.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The README explicitly advertises that Pro users get threat definition updates every 6 hours silently in the background, which implies recurring network activity and remote content ingestion without a strong, prominent consent or disclosure model. In a security product, silent background updates expand the trust boundary and can surprise users in supposedly local/offline deployments, creating privacy, integrity, and supply-chain risk if the update channel is compromised or misunderstood.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The Local mode section says Pro tier performs periodic API calls for license validation and threat definition updates, which conflicts with the user's likely expectation that 'local' means no ongoing external communication. This is risky because it can lead to unanticipated data egress, reduced deployability in sensitive environments, and reliance on remote infrastructure for a component marketed as a security control.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The script performs a background network call that transmits the license key automatically and silently when definitions are stale. Silent credential-bearing egress reduces user awareness and can violate expectations in local-security tooling, especially because it is triggered non-interactively.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: License validation sends a bearer credential from the environment to a remote endpoint without explicit user-facing disclosure at the point of use. In a security-sensitive tool, undisclosed credential egress is risky because operators may not realize local execution depends on remote validation.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: Fetching live threat patterns also transmits the license key to a vendor API without an obvious user-facing warning. Because this tool presents itself as defensive local security infrastructure, undisclosed outbound credential use increases trust and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.