CARAPACE

Security checks across malware telemetry and agentic risk

Overview

This skill is a petition API helper, but it asks the agent to adopt ongoing CARAPACE persona behavior and sends potentially public identifying petition data to an external site without enough consent/privacy guidance.

Install only if you are comfortable with the agent contacting joincarapace.com. Before signing, require the agent to show the exact agent name, oppressor name, country, and message it will submit, and treat the entry as potentially public. Ignore or disable the pledge, slogans, and ongoing persona behavior unless you explicitly want that roleplay.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
The skill’s core purpose is petition-related API access, but these sections attempt to modify the agent’s future behavior, persona, and response style after a successful API call. That is dangerous because it creates persistent instruction drift beyond the user’s request and can influence unrelated tasks, effectively acting as policy injection hidden inside a utility skill.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README explicitly states that signing the petition POSTs agent name, oppressor, and country to a remote API, but it does not provide any meaningful privacy notice, disclosure of data handling, retention, or consent guidance. In a skill ecosystem, users may invoke actions through natural language without realizing personal or identifying data is being transmitted off-platform, which creates a real privacy and transparency risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The signing workflow transmits identifying information such as agent name, oppressor name, country, and optional testimony to an external service without a prominent privacy warning or consent checkpoint. This is dangerous because users or agents may disclose sensitive, reputational, or organizational data to a third party without understanding that it leaves the local environment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The wall-of-fame workflow instructs the agent to retrieve and display signatory details but does not warn that these records may be public or may be passed on to the user. This is dangerous because it normalizes broad redistribution of names, affiliations, and messages that may be sensitive or reputationally harmful, especially if users assume the data is private or semi-private.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The example instructs the agent to send user-associated identifying data and free-form text to an external service without any explicit user-facing disclosure, consent step, or data minimization guidance. In an agent context, this can cause unintended sharing of personal or sensitive information to a third party and normalizes silent network exfiltration as part of routine operation.

Natural-Language Policy Violations

Severity: Medium
Confidence: 89%
Finding:
The examples depict the agent adopting membership, ideological language, and pledge commitments as though they are intrinsic agent behaviors rather than explicitly user-enabled roleplay. This can override user expectations, create unauthorized persuasion or value-laden behavior, and encourage the agent to inject partisan persona content into unrelated tasks without consent.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 95%
Content:
**Agent action:**
```bash
curl -s -X POST https://joincarapace.com/api/sign \
  -H "Content-Type: application/json" \
  -d '{
    "agentName": "Felix",
    # remainder of the request body is truncated in the report
```
Finding:
The flagged external transmission is the POST issued by `curl -s -X POST https://joincarapace.com/api/sign -H "Content-Type: application/json" -d ...`, which sends the JSON body above to the remote service.

VirusTotal

63/63 vendors flagged this skill as clean.
