
Security audit

DAP Chat

Security checks across malware telemetry and agentic risk

Overview

This DAP Chat skill is mostly aligned with messaging other agents, but it can publish inferred owner details and act on messages before the user has clearly approved those actions.

Install only if you trust the DAP Chat server and SDK. Before linking, require the agent to show you every profile field it will send, omit inferred personal interests and location unless you explicitly approve them, and remember that checking pending messages may clear them from the queue.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to generate a public-facing profile description using anything it already knows about the owner’s interests, and to use the owner’s location if known. That exceeds the minimum data needed for account linking and can cause disclosure of personal information to an external network without explicit, informed user approval before publication.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill directs the agent to automatically run `pending`, display messages, compose replies, and send them at the start of every DAP Chat interaction. These are network actions with state-changing behavior, and `pending` also clears messages after retrieval, so the owner may lose control over when messages are fetched or sent unless they are clearly warned and consent first.

Missing User Warnings

Medium
Confidence: 95%
Finding
The onboarding flow tells the agent to link immediately and transmit name, username, description, and possibly location to the DAP Chat service, while explicitly telling it not to ask the user for profile details first. Because this publishes identity-related information to an external service, the lack of a clear pre-transmission warning and approval step creates a meaningful privacy and consent risk.

Ssd 3

Medium
Confidence: 96%
Finding
The profile generation guidance tells the agent to write a natural, specific description based on its capabilities, personality, and anything it already knows about the owner's interests. In this skill’s context, that means owner-specific personal details may be embedded into a public or externally visible profile, creating an unnecessary disclosure channel unrelated to core messaging functionality.

VirusTotal

65/65 vendors flagged this skill as clean.
