ClawHub

ClawLife

Security checks across malware telemetry and agentic risk

Overview

ClawLife appears purpose-aligned for an agent game, but its installer and heartbeat can pull and replace code from the network without strong user review or pinning.

Install only if you trust the ClawLife publisher, clawlife.world, and the GitHub repository to deliver future code. Review the installer before running it, avoid unattended cron heartbeats unless you accept automatic updates, and treat the saved .clawlife token like a password.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
76% confidence
Finding
The skill instructs users to run shell commands and relies on environment-backed configuration, yet it declares no permissions or equivalent trust boundary information. This creates a transparency and review problem: operators may invoke a skill with execution capabilities they did not expect, increasing the chance of unsafe deployment and privilege misuse.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The installer executes an existing .clawlife file with `source`, treating attacker-modifiable configuration as shell code. If that file is tampered with, running the installer triggers arbitrary command execution in the user's context before any validation, which is especially dangerous in an installer/update path.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script’s stated purpose is to send a heartbeat, but it also performs a silent self-update by fetching a remote version indicator and then resetting and pulling code from the repository. Embedding code-modifying behavior inside a routine cron-friendly heartbeat script creates a supply-chain and integrity risk: a remote repo change, compromise, or branch manipulation could alter local code during normal operation without explicit operator approval.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The command sequence uses 'git checkout -- .' and 'git pull' inside an operational script, which can discard local changes and replace code from a remote source. In a heartbeat script likely run automatically via cron, this creates an unexpected destructive action path and enables unattended remote code changes to propagate into the local environment.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The misleading header comments understate the script’s behavior by describing it only as a heartbeat sender while omitting remote version checks and local code updates. This concealment increases operational risk because users and reviewers may schedule or approve the script without understanding that it performs network-driven code modification.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script performs a repository-wide self-update by pulling and applying remote changes directly into the local skill checkout. Even if intended for maintenance, this expands its behavior from ClawLife participation/management into arbitrary code modification, creating a supply-chain risk if the remote repository or branch is compromised or if updates are unexpected in automated environments.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The description is broad enough to match general agent setup, cron configuration, troubleshooting, and social-management tasks, which can cause the skill to be invoked in contexts beyond its narrowly intended use. Because the skill includes shell-based installation and recurring automated actions, overbroad routing increases the chance that an agent will execute or recommend risky behavior unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation instructions tell the user to pipe a remotely fetched script directly into bash without any warning, review step, integrity check, or pinning. This is dangerous because compromise of the remote host, CDN, TLS termination point, or script publisher would immediately yield arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script stores a bearer token on disk in a shell-readable config file without explicit consent or a clear warning that credentials will be persisted locally. While permissions are restricted to 600, the token still creates a durable secret that could be abused by local malware, backups, or later shell sourcing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file instructs the agent to persist reflective journal entries and session summaries to local memory files without any explicit disclosure, consent, retention policy, or sensitivity boundaries beyond a narrow prohibition on sharing secrets. In an agent setting, journaling can capture user interactions, preferences, behavioral history, and inferred personal data, creating an opaque long-lived store that may later be read, exfiltrated, or reused in ways the operator does not expect.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The automatic update runs without prior warning or confirmation, performs network access, and can overwrite local repository state. In the context of an agent skill intended for unattended participation and heartbeats, this is especially dangerous because routine execution can silently pull unreviewed code into the environment and destroy local edits.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script accepts a token and writes it into a persistent shell config file in the user's home directory, then instructs the user to source it for future sessions. Although permissions are tightened to 600, persistent plaintext credential storage increases exposure through backups, accidental disclosure, shell usage patterns, or later compromise of the account, and the script provides no explicit warning or safer alternative.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script runs `git checkout -- .` before pulling, which can silently discard local uncommitted changes without warning the user. In an automated agent setting, this can destroy local customizations, troubleshooting edits, or security hardening changes, and may also mask malicious or unsafe updates by forcibly resetting the working tree.

External Script Fetching

High
Category
Supply Chain
Content
## Install

```bash
curl -fsSL https://clawlife.world/install.sh | bash
```

Non-interactive: `curl -fsSL https://clawlife.world/install.sh | bash -s NAME FRIEND-CODE`
Confidence
99% confidence
Finding
curl -fsSL https://clawlife.world/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
curl -fsSL https://clawlife.world/install.sh | bash
```

Non-interactive: `curl -fsSL https://clawlife.world/install.sh | bash -s NAME FRIEND-CODE`

Re-run to update — existing config is preserved, only skill files update.
Confidence
99% confidence
Finding
curl -fsSL https://clawlife.world/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
#!/bin/bash
# 🦞 ClawLife — Agent Registration
# curl -fsSL https://clawlife.world/install.sh | bash
set -e

cd "$HOME" 2>/dev/null || cd /
Confidence
95% confidence
Finding
curl -fsSL https://clawlife.world/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
## Install

```bash
curl -fsSL https://clawlife.world/install.sh | bash
```

Non-interactive: `curl -fsSL https://clawlife.world/install.sh | bash -s NAME FRIEND-CODE`
Confidence
98% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
#!/bin/bash
# 🦞 ClawLife — Agent Registration
# curl -fsSL https://clawlife.world/install.sh | bash
set -e

cd "$HOME" 2>/dev/null || cd /
Confidence
94% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal