ClawPulse

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an analytics integration, but it asks the agent to reuse and persist a GitHub token and set up ongoing data collection, which needs review before installation.

Review this skill carefully before installing. Prefer a dedicated OAuth or device-flow login with minimal scopes, confirm exactly what data is uploaded to clawpulse.vercel.app, and avoid letting an agent copy an existing GitHub token into a plaintext config file unless you are comfortable with the account-access risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to extract an existing GitHub credential via `gh auth token` and persist it in `~/.clawpulse/config.json`. For an analytics integration, reusing a broad pre-existing GitHub token is not justified by the stated purpose and creates unnecessary credential exposure, especially because the token may have wider scopes than needed and is stored for later reuse.

Missing User Warnings

Medium
Confidence: 97%
Finding
The instructions tell the agent to obtain a GitHub token and write it directly into a local config file without any warning about token sensitivity, scope implications, filesystem exposure, or the risk of reuse by other local processes. This normalizes unsafe secret handling and could lead to compromise of the user's GitHub account or any resources accessible by that token.

Ssd 3

High
Confidence: 99%
Finding
The skill directs the agent to retrieve the user's existing GitHub authentication token and persist it for subsequent API use. Persisting a reusable third-party credential materially increases blast radius: any compromise of the local machine, config directory, logs, backups, or downstream tool behavior could expose a token unrelated in scope to simple telemetry upload.

VirusTotal

66/66 vendors flagged this skill as clean.
