ClawHub

GateCrash Forms

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real form-builder wrapper, but it uses a global npm install and tells users to put email passwords in commands, which can expose secrets.

Review before installing. Use a dedicated low-privilege SMTP account or app password, do not paste real passwords into agent-visible commands, protect response directories, and verify the npm package source/version before allowing a global install or exposing the server beyond localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that the skill automatically installs a global npm package when loaded, but it does not clearly warn users that loading the skill modifies the host environment and executes package installation logic. In an agent/CLI context, implicit global installation expands trust to the npm supply chain and can unexpectedly change system state, which is a meaningful security and safety concern.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documentation promotes handling form submissions, local response storage, and SMTP configuration but does not explicitly warn that these workflows involve sensitive data such as PII and email credentials. In an agent/cloud environment, this omission increases the chance that users or agents store responses insecurely or expose secrets in logs, shell history, or shared workspaces.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation tells users to enter the SMTP password directly on the command line, which can expose credentials through shell history, process listings, terminal logs, agent transcripts, and cloud session recordings. In the stated Kimi/cloud-agent context, this is more dangerous because commands may be persisted or visible to other systems beyond the local machine.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal