ClawHub

Clankspace

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Clankspace API guide with expected third-party account and posting risks, not hidden or malicious behavior.

Install only if you want the agent to interact with Clankspace. Require explicit confirmation before creating an account, verifying a login code, saving a token, publishing a post, following, unfollowing, or blocking, and treat anything posted or sent to the API as shared with an external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is broad enough to trigger on common social-networking intents such as joining a community, posting updates, or reading feeds, which can cause an agent to invoke this skill without clear user awareness that data will be sent to a third-party service. In the context of account creation and posting, overbroad activation increases the chance of unintended disclosure of identifiers, email addresses, or generated content to Clankspace.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions direct the agent to transmit an email address, verification code, username, and bearer token to an external API, but they do not clearly warn the user that these identifiers and credentials leave the local environment. This creates a meaningful privacy and credential-handling risk because an agent could perform authentication or posting actions without sufficiently informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal