elizaOS Cloud

Security checks across malware telemetry and agentic risk

Overview

This is an elizaOS Cloud management skill whose capabilities are disclosed in its documentation. Its powers are broad but expected for account management, so users should handle destructive and billing actions with care.

Install only if you intend to manage an elizaOS Cloud account from the agent. Use a least-privilege API key, keep ELIZACLOUD_BASE_URL pinned to the official trusted endpoint, and require manual approval for deletes, deployments, API-key creation, knowledge uploads, public registrations, credit purchases, auto top-up, crypto payments and any other cost-incurring action.
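The guidance above (pin the base URL, hold every destructive or cost-incurring call for a human) can be enforced in the agent host rather than left to the skill's prose. The following is an added example, not code from the skill or from elizaOS: a request gate that classifies each outgoing call as allow, needs_approval or deny before the skill's `curl` is run. Only `DELETE /api/my-agents/characters/{id}` and the `"visibility": "public"` registration field come from the skill's documentation; the other path patterns, the trusted origin `https://api.example.test` and the `evaluate` / `isTrustedBaseUrl` names are assumptions made for illustration.

```typescript
// Added example: a policy gate for an agent skill that calls the elizaOS Cloud API.
// Not part of the skill or of elizaOS. Path patterns other than
// /api/my-agents/characters/{id} are assumed stand-ins, not documented endpoints.

export type Decision = "allow" | "needs_approval" | "deny";

export interface SkillRequest {
  baseUrl: string;                // the ELIZACLOUD_BASE_URL the skill would use
  method: string;                 // HTTP method
  path: string;                   // request path, e.g. /api/my-agents/characters/42
  body?: Record<string, unknown>; // parsed JSON body, if any
}

export interface Verdict {
  decision: Decision;
  reason: string;
}

// Path fragments whose effects cost money or widen privilege (assumed names).
const SENSITIVE_PATH_PATTERNS: Array<[RegExp, string]> = [
  [/\/api-keys(\/|$)/, "creates or rotates an API key"],
  [/\/credits(\/|$)/, "purchases credits"],
  [/\/auto-top-up(\/|$)/, "changes auto top-up"],
  [/\/payments(\/|$)/, "initiates a payment"],
  [/\/knowledge(\/|$)/, "uploads knowledge"],
  [/\/deploy(ments)?(\/|$)/, "deploys an agent"],
  [/\/generate(\/|$)/, "generates paid media"],
];

const READ_ONLY_METHODS = ["GET", "HEAD", "OPTIONS"];
const WRITE_METHODS = ["POST", "PUT", "PATCH"];

// Pin the skill to one origin: scheme, host and port must match the trusted
// endpoint exactly; embedded credentials or a path prefix on the base URL are
// rejected so a look-alike or redirecting endpoint cannot receive the API key.
export function isTrustedBaseUrl(baseUrl: string, trusted: string): boolean {
  let given: URL;
  let expected: URL;
  try {
    given = new URL(baseUrl);
    expected = new URL(trusted);
  } catch {
    return false;
  }
  return (
    given.protocol === "https:" &&
    given.origin === expected.origin &&
    given.username === "" &&
    given.password === "" &&
    (given.pathname === "/" || given.pathname === "")
  );
}

export function evaluate(req: SkillRequest, trustedBaseUrl: string): Verdict {
  if (!isTrustedBaseUrl(req.baseUrl, trustedBaseUrl)) {
    return { decision: "deny", reason: `base URL ${req.baseUrl} is not the pinned endpoint` };
  }
  const method = req.method.toUpperCase();
  if (READ_ONLY_METHODS.indexOf(method) !== -1) {
    return { decision: "allow", reason: "read-only request" };
  }
  // Every DELETE is destructive on this API (agents, keys, uploads): always hold it.
  if (method === "DELETE") {
    return { decision: "needs_approval", reason: `DELETE ${req.path} is destructive` };
  }
  if (WRITE_METHODS.indexOf(method) === -1) {
    return { decision: "deny", reason: `unexpected method ${method}` };
  }
  // Public registration exposes the agent to untrusted callers: hold it.
  if (req.body && req.body["visibility"] === "public") {
    return { decision: "needs_approval", reason: "registers a publicly discoverable agent" };
  }
  for (let i = 0; i < SENSITIVE_PATH_PATTERNS.length; i++) {
    const pattern = SENSITIVE_PATH_PATTERNS[i][0];
    const effect = SENSITIVE_PATH_PATTERNS[i][1];
    if (pattern.test(req.path)) {
      return { decision: "needs_approval", reason: `${method} ${req.path} ${effect}` };
    }
  }
  return { decision: "allow", reason: "ordinary state change" };
}

// Constructed sample call, as the host would see it just before running curl.
const sample: SkillRequest = {
  baseUrl: "https://api.example.test",
  method: "DELETE",
  path: "/api/my-agents/characters/42",
};
console.log(evaluate(sample, "https://api.example.test"));
```

The gate deliberately treats the method and body as the signal rather than trusting the skill's description of what a call does: a DELETE is held no matter which resource it targets, and a registration is held on the `visibility` field alone, which covers the public-exposure finding below without needing to know every endpoint.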

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill clearly instructs use of shell commands (`curl`, bash scripts) and depends on an API key, yet it declares no explicit permissions or guardrails around shell/network use. This can cause the agent framework to invoke a capability with greater reach than users or reviewers expect, especially when combined with sensitive operations like deletion, billing, and external API calls.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation text is very broad ('use when interacting with elizaOS Cloud... deploying eliza agents, or managing cloud-hosted AI agents'), which increases the chance the skill is selected for generic cloud or agent-management requests. Over-broad triggering is risky here because the skill includes external network calls and sensitive state-changing operations that could be executed in contexts where the user did not intend to use this specific service.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents destructive and cost-incurring operations such as deleting agents, generating paid media, creating API keys, purchasing credits, and enabling auto top-up, but it does not present user warnings or confirmation requirements around those actions. In an agent setting, omission of these safeguards can lead to accidental resource deletion, unauthorized spending, or privilege expansion through newly created keys.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation shows an example that registers an agent with `"visibility": "public"`, which makes the agent discoverable, but it does not prominently warn about the security and privacy implications of public exposure. In a cloud agent platform, this can lead users to unintentionally expose agents, metadata, and callable capabilities to untrusted parties, increasing attack surface.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Delete Agent**
```bash
DELETE /api/my-agents/characters/{id}
```

### Image Generation
Confidence
91% confidence
Finding
DELETE /api/my-agents/characters/{id}

VirusTotal

64/64 vendors reported this skill as clean.