Back to skill

Security audit

ClawBrain Doctor

Security checks across malware telemetry and agentic risk

Overview

This diagnostic skill is coherent and purpose-aligned, but users should treat its authenticated curl checks as real external API calls and protect their keys.

Install this only if you intend to diagnose a ClawBrain or FactorHub-backed setup. Review each curl command before running it, use a scoped or low-privilege API key where possible, avoid putting real keys in shared logs or transcripts, and do not run graph or memory diagnostics unless you are comfortable sending that request to api.factorhub.cn.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes live network diagnostic commands using curl and bearer-token authentication, but it does not clearly warn that running them will transmit data and credentials to an external service. In a tool-dispatch/exec skill context, this increases the risk that users or agents invoke external requests without understanding privacy, credential, or environment exposure implications.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 检查后端模型健康状态
curl https://api.factorhub.cn/v1/health/backends -H "Authorization: Bearer YOUR_KEY"

# 检查知识图谱状态
curl https://api.factorhub.cn/v1/graph/stats -H "Authorization: Bearer YOUR_KEY"
Confidence
94% confidence
Finding
https://api.factorhub.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
curl https://api.factorhub.cn/v1/health/backends -H "Authorization: Bearer YOUR_KEY"

# 检查知识图谱状态
curl https://api.factorhub.cn/v1/graph/stats -H "Authorization: Bearer YOUR_KEY"

# 检查模型列表和能力
curl https://api.factorhub.cn/v1/models -H "Authorization: Bearer YOUR_KEY"
Confidence
94% confidence
Finding
https://api.factorhub.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
curl https://api.factorhub.cn/v1/graph/stats -H "Authorization: Bearer YOUR_KEY"

# 检查模型列表和能力
curl https://api.factorhub.cn/v1/models -H "Authorization: Bearer YOUR_KEY"
```

接入 ClawBrain:https://clawbrain.dev/dashboard
Confidence
93% confidence
Finding
https://api.factorhub.cn/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.