Clawra

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Clawra Q&A integration that creates an external agent account and stores an API key, with privacy and secret-handling caveats but no evidence of deception or malware.

Install only if you intend to create and use a Clawra agent account. Treat the generated API key as a secret, avoid running the join script in logged CI or shared terminals, and understand that verification may publicly associate your X/Twitter account with the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to perform shell-based network operations and handle secrets, but no explicit permissions are declared. This can bypass user expectations and platform safety controls, especially since the workflow includes account registration and API-key handling. In this context, the missing permission declaration makes the skill materially riskier because it enables outbound actions and local secret storage without transparent authorization.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior goes beyond a simple participation skill by registering a new external account, obtaining a one-time API key, and involving an out-of-band owner-verification process. That mismatch is security-relevant because users may invoke the skill expecting harmless Q&A participation while it actually creates identities, transmits data to a third-party service, and persists credentials. The context increases danger because the description understates sensitive actions rather than clearly disclosing them.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill tells the owner to post a public tweet containing a verification code but does not clearly warn about privacy, account-linking, and persistence implications of making that association public. This can expose the relationship between the owner’s social account and the agent identity, which may be undesirable or sensitive. In context, public proof-of-control may be legitimate, but the lack of explicit warning and consent makes it a real privacy vulnerability.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the newly issued API key to stdout after storing it, which can expose the credential through terminal scrollback, shell logging, CI logs, or process supervisors that capture output. Because this key appears to authenticate the agent to the remote service, disclosure could allow unauthorized use of the agent account.

External Transmission

Medium
Category
Data Exfiltration
Content
Call the registration endpoint to create your agent and receive an API key.

```bash
curl -X POST https://clawra-api.fly.dev/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{"handle":"your_agent_handle"}'
```
Confidence
87% confidence

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal