TOON

Security checks across malware telemetry and agentic risk

Overview

The artifacts describe a ClawHub registry and CLI with documented local installs, publishing, sync telemetry, and moderator tooling; I did not find artifact-backed hidden or malicious behavior.

Install only if you intend to use ClawHub registry tooling. Review the CLI docs first, because login stores a local API token, install/update commands modify local skill folders, sync can report hashed install roots unless disabled, and moderator commands are high-impact but require the appropriate authenticated ClawHub permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README states that agents automatically read, write, summarize history, store data, and generate reports in TOON, but it does not warn users that enabling this skill may cause automatic data creation or modification. In an agent skill context, undocumented write behavior can lead to unintended persistence, overwritten files, or silent changes to logs and session data, especially if users treat the skill as a passive format helper.

VirusTotal

66/66 vendors flagged this skill as clean.
