ClawHub

Church Account

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks an agent to automate sensitive church account access with broad scope and weak session-token handling guidance.

Install only if you are authorized to access the relevant church account and LCR data. Prefer official tools and interactive login where possible, avoid storing session files in shared or predictable locations, delete saved auth state after use, and manually approve every action that views or changes member, finance, temple, calling, or account information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is overly broad and invites activation for "any other LCR/church website automation," which can cause the agent to engage in sensitive account actions for routine informational requests. In this context, the skill targets authenticated church systems containing membership, finance, and temple data, so overbroad routing increases the chance of unnecessary credential handling and unintended access to private information.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs handling usernames, passwords, session cookies, and persisted storage state but does not present prominent warnings or safeguards about account compromise, privacy exposure, or the sensitivity of auth artifacts. This is especially dangerous here because the skill accesses LCR and related church services that may expose confidential membership, financial, and temple-related data, and the example stores reusable authenticated state under /tmp, which could be reused if accessed by other processes or users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal