Agentgate Clawhub

Security checks across malware telemetry and agentic risk

Overview

Agentgate looks like a legitimate API gateway skill, but it exposes broad personal-data and write access with an optional approval-bypass mode that users should review carefully.

Install only if you intentionally operate an agentgate server and understand what services it connects to. Keep write-approval enabled unless you have a tightly scoped, audited reason to use bypass mode, restrict the API token to least privilege, and review any memory or inter-agent messaging configuration before allowing sensitive personal or account data through it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium (86% confidence)
Finding:
The skill description frames agentgate primarily as a personal-data gateway with write approval, but the documented capabilities also include inter-agent messaging and persistent memory. Those extra features materially expand the attack surface and data-handling scope, which can lead users or orchestrators to grant trust or invoke the skill under narrower assumptions than the documentation actually permits.

Intent-Code Divergence

Severity: Medium (92% confidence)
Finding:
The documentation presents human-in-the-loop approval as a core safety property, then immediately notes a bypass mode where writes execute without approval. This undermines the advertised trust model and creates a path for immediate modification of connected services if the skill is used with a trusted or misconfigured agent.

Vague Triggers

Severity: Medium (82% confidence)
Finding:
This is a powerful gateway skill with access to multiple personal, messaging, social, code, and IoT services, but the manifest does not define narrow invocation constraints or clear limits on when it should be used. Broad invocation scope increases the chance that an agent calls it in unrelated contexts, exposing sensitive data or initiating high-impact actions across many integrated systems.

Missing User Warnings

Severity: Medium (90% confidence)
Finding:
Bypass mode is mentioned without a prominent user-facing warning that it disables the normal approval safeguard for write actions. In a skill centered on safety controls, omission of that warning can mislead operators and users into overestimating protections and trusting the skill in higher-risk environments.

VirusTotal

64/64 vendors flagged this skill as clean.