ClawHub

Farcaster Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Farcaster/Neynar helper, but it gives agents live public account-changing power with weak safeguards around deletion, posting, credentials, and third-party file uploads.

Install only if you are comfortable giving the agent live Farcaster account authority. Require explicit user confirmation before any post, delete, like, recast, follow, or unfollow action; avoid the eval credential-loading example; do not pass API keys on the command line in shared or logged environments; and only upload media to third-party hosts after checking the file contents and metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises write operations such as posting, liking/recasting, and deleting without clearly warning that these actions affect a real Farcaster account and can publish or modify public content. In an agent setting, this omission increases the chance that an autonomous system invokes state-changing commands without adequate user confirmation or policy checks.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The quick-start example encourages posting a cast immediately but does not warn that the content will be published publicly to Farcaster. In agent workflows, example commands are often copied directly, so missing safety language can lead to accidental public posting or reputational harm.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes cast deletion as a normal operation without an explicit warning that it is destructive and may be irreversible. In an autonomous or semi-autonomous agent workflow, this increases the risk of accidental content loss or abuse if the skill is triggered with the wrong hash or insufficient user confirmation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example uploads a local file to a third-party host (litterbox.catbox.moe) without warning that the file leaves the local environment and may expose sensitive metadata or contents. In an agent setting, users may assume media handling stays within Neynar/Farcaster, so this undocumented exfiltration path materially raises privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation exposes write-capable and destructive operations such as posting, deleting, reacting, and following without any warning that these actions affect a user's account or require explicit consent. In an agent context, that increases the chance an integrator enables autonomous social actions without confirmation gates, leading to unauthorized or unintended account activity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script allows the Neynar API key to be passed via the --api-key CLI argument, which commonly exposes secrets through process listings, shell history, audit logs, and agent telemetry. In an agent/automation context this is more dangerous because arguments are often logged or surfaced to operators, increasing the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script performs an irreversible delete operation as soon as a hash is provided, with no confirmation prompt, dry-run mode, or additional validation of the target cast. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions, especially because deletion is a high-impact state-changing operation on behalf of the configured signer.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal