Musallat Bot

Security checks across malware telemetry and agentic risk

Overview

This is a simple Gemini-powered rude chatbot, but it exposes an apparent API key and sends prompts to a third-party AI service.

Review before installing. Do not rely on the embedded API key; it should be revoked or rotated by its owner and removed from the skill. Use your own restricted GEMINI_API_KEY only if you are comfortable with prompts being sent to Google/Gemini and with the bot producing intentionally rude responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill documentation exposes what appears to be a live Google/Gemini API key directly in the file. Hardcoded credentials can be harvested and abused for unauthorized API usage, quota exhaustion, billing impact, and downstream compromise of systems that trust that credential.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to produce insulting, hostile, and demeaning responses without any warning, guardrails, or user-consent mechanism. In deployment, this can cause harassment, unsafe user experiences, reputational damage, and policy violations, especially because the abusive behavior is framed as a default operating mode.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The function sends the user's prompt to Google's Gemini API via `model.generate_content(...)` without any visible disclosure, consent flow, or warning in the skill. In an agent setting, this can expose sensitive user input or upstream context to a third-party service unexpectedly, creating privacy and data-handling risk.

VirusTotal

51/51 vendors flagged this skill as clean.
