Clawket

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate pairing purpose, but it exposes a live local gateway token in QR, terminal, and disk outputs without enough user warning or containment.

Review before installing. Use this only if you are comfortable with a QR code and terminal output containing a live local gateway credential. Treat the generated PNG and any copied terminal output like a password: share them only with the intended device, and delete the QR file after pairing if the skill does not do so automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script prints the full JSON payload to stdout, and that payload includes the gateway auth token. This exposes a live credential to shell history captures, terminal scrollback, logging systems, screen sharing, and other local observers, which is more sensitive than the stated need to generate a QR code for pairing.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill explicitly generates and displays a QR code containing a live authentication token, writes it to disk as a PNG, and prints an ASCII version to the terminal without any warning about the sensitivity of that secret. That creates multiple exposure paths—screen capture, terminal scrollback, logs, shared home directories, or accidental forwarding of the image to the wrong recipient—which could let anyone who obtains the QR code authenticate to the local Gateway.

Missing User Warnings

High
Confidence: 99%
Finding
Printing a credential-bearing payload directly to stdout leaks the token to any process or user able to observe terminal output, captured logs, or pasted command results. In this skill's context, the QR payload is effectively a pairing secret for the local gateway, so exposing it undermines the security boundary of the pairing flow.

Missing User Warnings

High
Confidence: 93%
Finding
The script stores a QR image containing the gateway token on disk under a predictable location without warning the user that the file is a secret. Any local user, backup system, cloud sync, or malware with access to the file can recover the token from the QR code and pair to the gateway.

VirusTotal

64/64 vendors flagged this skill as clean.
