Agent Tools

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for using inference.sh, but it asks users and agents to trust a broad CLI with account-changing actions and a pipe-to-shell installer that deserve careful review.

Install only if you trust inference.sh and the CLI distribution path. Prefer the manual download and checksum or signature verification flow instead of piping a remote script directly to sh. Treat INFSH_API_KEY and locally stored login credentials as secrets, and require explicit review before any infsh command that posts to Twitter/X, sends DMs, follows accounts, likes or retweets, deploys apps, pulls app source, spends credits, or runs third-party apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description contains very broad trigger phrases such as 'ai model', 'run ai', 'image generation', and 'video generation', which can cause the skill to activate for many unrelated requests. In an agent setting, overbroad routing increases the chance that this skill is selected when a safer or more specific skill should handle the task, potentially exposing users to unintended external API calls, account-affecting actions, or installation steps.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises Twitter/X automation including posting, following, liking, retweeting, and sending DMs, but the description does not prominently warn that the skill can perform external side effects on user-controlled accounts. In an agent ecosystem, this omission can lead to accidental invocation of account-affecting operations without adequate user awareness or confirmation.

Missing User Warnings

Medium
Confidence: 82%
Finding
The document instructs users to authenticate and to export an API key, and notes that credentials are stored locally, but it does not warn that these credentials are sensitive secrets that can be exposed through shell history, process listings, CI logs, shared machines, or insecure local file permissions. In an authentication/setup guide, omission of basic secret-handling guidance increases the likelihood of accidental credential leakage even if no direct exfiltration behavior is present.

Missing User Warnings

Medium
Confidence: 98%
Finding
The installation instructions tell users to pipe a remotely fetched script directly into the shell, which executes unreviewed code immediately with the user's privileges. If the remote host, transport path, or published installer is compromised, users can be silently subjected to arbitrary command execution; the skill context makes this more dangerous because it is a CLI setup guide that users are likely to copy-paste verbatim.

Missing User Warnings

Low
Confidence: 87%
Finding
The shell completion examples write directly into system or user shell completion paths, which changes the local environment and may require elevated privileges for the Bash example. While this is standard CLI documentation behavior, omitting warnings about filesystem modification and privilege requirements can lead to unintended system changes or unsafe copy-paste execution.

External Script Fetching

High
Category
Supply Chain
Content
## Install CLI

```bash
curl -fsSL https://cli.inference.sh | sh
infsh login
```
Confidence: 98%
Finding
curl -fsSL https://cli.inference.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
## Install CLI

```bash
curl -fsSL https://cli.inference.sh | sh
infsh login
```
Confidence: 97%
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.