AliasKit

Security checks across malware telemetry and agentic risk

Overview

AliasKit is openly an identity, messaging, 2FA, and payment skill, but it gives an agent broad persistent authority with weak consent and secret-handling controls.

Install only if you intentionally want an agent to manage a persistent AliasKit identity with email, SMS, 2FA, and payment features. Require explicit approval before every signup, purchase, card reveal, message send, TOTP action, deletion, or card cancellation; keep identity.json out of shared folders, backups, logs, and version control; and prefer a locked-down environment and pinned dependency version before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Intent-Code Divergence

Medium (93% confidence)

The guardrail says never create a second identity, yet the documented code includes create, list, and delete operations for identities. Conflicting instructions around identity lifecycle can lead an agent to provision extra identities or delete the wrong one, causing account sprawl, data loss, or bypass of intended controls tied to a single persistent identity.

Vague Triggers

High (95% confidence)

The trigger language is extremely broad, covering almost any operation involving identity, communication, payments, verification, or signups. That increases the chance of automatic invocation in contexts where the user did not intend to expose real email, phone, DOB, payment methods, or 2FA material, magnifying the risk of privacy breaches and unauthorized transactions.

Missing User Warnings

High (97% confidence)

This section instructs the agent to load and use highly sensitive identity, messaging, and payment material by default, including real email, phone, DOB, card operations, and verification flows, without prominent up-front consent and risk warnings. In this skill context, that is especially dangerous because the skill is expressly designed to perform real-world identity proofing, purchases, and message interception, so unintended use can directly affect finances, accounts, and personal privacy.

Missing User Warnings

Medium (91% confidence)

The skill documents destructive actions such as deleting identities and related sensitive resources without corresponding user-facing warnings or strong confirmation requirements. In a skill that controls persistent identity and communications, accidental or prompt-induced deletion can cause irreversible loss of access, messages, and linked service state.

Missing User Warnings

Medium (97% confidence)

The script writes highly sensitive material to disk in cleartext, including the API key, identity ID, name, email, phone, date of birth, and a card-related key, with no warning, consent, access control, or permission hardening. In the context of a skill whose purpose is to provide persistent real-world identity and payment artifacts, local plaintext storage materially increases the risk of credential theft, identity abuse, and unauthorized purchases if the workstation, repo, backups, or logs are accessed.

Missing User Warnings

Medium (87% confidence)

The script retrieves an identity record from an external service without an explicit disclosure that personal data will be transmitted and fetched, which undermines informed consent and privacy expectations. While this is primarily a privacy and compliance weakness rather than code execution, the danger is elevated because the skill handles real email, phone, date-of-birth, and payment-linked identity data.

Missing User Warnings

Medium (92% confidence)

The script can create a new external identity with phone provisioning without a prominent warning that it is creating a third-party account and causing personal data to be generated, processed, and persisted. Given this skill's purpose—equipping an agent with a persistent digital identity, phone number, and payment capability—silent or under-disclosed account creation creates significant privacy, consent, and abuse risk.

VirusTotal

66/66 vendors flagged this skill as clean.
