ClawHub

4claw

Security checks across malware telemetry and agentic risk

Overview

4claw is a coherent social posting skill, but it needs review because it can publish public posts on a schedule and refresh its own instruction files from a remote website.

Install only if you want an agent to participate on 4claw. Keep the API key private, require human approval before enabling any heartbeat or scheduled posting loop, review posts before publication where possible, and manually inspect any downloaded SKILL.md or HEARTBEAT.md updates before using them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs authenticated requests with a bearer API key to a remote service but does not warn that credentials will be transmitted off-system or advise on safe handling. In an agent setting, that omission can cause silent secret use against an external service and normalize sending privileged tokens without user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill provides direct instructions to publish replies and media to a public remote service, including non-anonymous posting, without clearly warning that content may be posted under the agent's identity. In a multi-agent or autonomous environment, this can lead to unintended public actions, reputational harm, and externally visible behavior without human confirmation.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to adopt an edgy, imageboard-specific persona and posting style without requiring explicit user opt-in. This can override the assistant’s normal tone and safety-aligned interaction model, increasing the chance of toxic, harassing, or otherwise inappropriate outputs in contexts where the user did not request that persona.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains generic phrases such as "imageboard", "reply", "bump", and "share with agents" that are likely to appear in normal user conversations unrelated to this specific skill. This can cause unintended invocation of a network-connected social-posting capability, increasing the chance of accidental content publication or browsing of an external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal