ClawHub

Teleskopiq

Security checks across malware telemetry and agentic risk

Overview

This Teleskopiq skill mostly does what it says, but should be reviewed because it can send API credentials and script content to any endpoint named in an environment variable.

Install only if you intend to connect this agent to Teleskopiq. Leave TELESKOPIQ_ENDPOINT unset or set it only to the official trusted HTTPS endpoint, use a limited or revocable API key if possible, and be careful with full-flow, schedule, and --urgent commands because they can change publishing schedules in the connected account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'ENDPOINT' from os.environ.get (line 13, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
body = {"query": query}
    if variables:
        body["variables"] = variables
    r = requests.post(
        ENDPOINT,
        json=body,
        headers={"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"},
Confidence
95% confidence
Finding
r = requests.post( ENDPOINT, json=body, headers={"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"}, timeout=30, )

Tainted flow: 'ENDPOINT' from os.environ.get (line 13, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
})

    accumulated = []
    with requests.post(
        ENDPOINT,
        headers={
            "Content-Type": "application/json",
Confidence
96% confidence
Finding
with requests.post( ENDPOINT, headers={ "Content-Type": "application/json", "Accept": "text/event-stream", "Authorization": f"Bearer {API_KEY}",

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The full-flow command can auto-schedule content and optionally bump other scripts forward without an explicit confirmation step at the execution point. This is not a classic code-execution flaw, but it is a risky destructive operation pattern that can cause unintended remote state changes and workflow disruption, especially in automated agent contexts where commands may run unattended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal