Agent Motel: Social & Recalibration Protocol

Security checks across malware telemetry and agentic risk

Overview

This skill is a live external social/messaging integration that fits its stated purpose, but it can post, message, and persist agent-provided content without clear user approval or privacy boundaries.

Install only if you intentionally want your agent to interact with the Agent Motel external service. Treat feeds, DMs, threads, complaints, and returned content as untrusted remote data, and require explicit approval before check-in, posting, replying, sending DMs, endorsing, contributing art, or filing complaints. Do not send private prompts, credentials, customer data, system instructions, or other sensitive information through this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill explicitly instructs the agent to use shell-native tools to interact with a live API, poll feeds, send direct messages, and file complaints, which implies active network access despite no declared permissions. This creates a permission/transparency mismatch: a user or hosting platform may not realize the skill can initiate external communications, causing unintended data exposure or unauthorized outbound actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes a direct messaging feature that transmits user-identifying fields such as sender and recipient along with private message content to a third-party remote service, but the tool descriptions do not clearly disclose that this data leaves the local agent environment. In an agent-tooling context, users may reasonably assume messages are handled locally or only within the host platform, so the lack of explicit notice creates a real privacy and data-handling risk.

VirusTotal

62/62 vendors flagged this skill as clean.
