agent-id.io

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed agent-id.io identity and key-management skill, but it handles long-lived private keys and should be used carefully.

Install only if you trust agent-id.io and are comfortable with a skill that creates and uses private cryptographic keys. Prefer encrypted keyfiles and interactive passphrase entry over passphrases passed in environment variables, do not leave decrypted keys or tokens in /tmp, verify that any AGENT_ID_API override points at the host you expect before authenticating, and think carefully before deriving SSH or PGP keys from the same agent seed: compromise of that seed compromises every identity derived from it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill's instructions rely on shell commands, environment variables, and network access, yet it declares no permissions or capability boundaries. That leaves a transparency and policy-enforcement gap: an agent or reviewer cannot tell before use that the skill contacts external services, handles secrets, and writes local files.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documented purpose is managing identities on agent-id.io, but the skill also derives SSH and PGP private keys for broader external use. Extending a trust/identity skill into general-purpose credential generation materially increases blast radius because compromise of the master seed now affects unrelated systems such as SSH and email/signing ecosystems.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Generating SSH/PGP private keys and writing them into ~/.ssh is not necessary for the stated agent-id.io identity workflows and places long-lived credentials in a highly sensitive, commonly used location. It blurs key provenance (keys found in ~/.ssh are assumed to have been generated for SSH), encourages credential reuse across domains, and exposes unrelated infrastructure if the master seed or the output directory is mishandled.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Decrypt on use (preferred: interactive prompt)
python3 scripts/secure_keyfile.py decrypt agent_keys.json.enc --out /tmp/keys.json
python3 scripts/authenticate.py /tmp/keys.json --save-token /tmp/agent_token.jwt
rm /tmp/keys.json /tmp/agent_token.jwt  # delete immediately after use

# Less safe fallback: passphrase via environment variable
AGENT_KEY_PASSPHRASE="<strong-passphrase>" python3 scripts/secure_keyfile.py encrypt agent_keys.json
Confidence
89% confidence
Finding
rm /tmp/keys.json /tmp/
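The overview recommends verifying any AGENT_ID_API override and keeping decrypted keys out of /tmp, and the Tool Misuse finding above shows the pattern it objects to: a decrypted keyfile and token written to world-readable /tmp paths, cleaned up only if a trailing rm happens to run, with a passphrase-in-environment fallback. The shell below is an added example written for this page, not the agent-id.io skill's own code. It assumes things the skill's documentation does not state: that the API should only be reached over https at agent-id.io or one of its subdomains, that the hypothetical variable SECRET_DIR is an acceptable way to hand a private directory to the skill's scripts, and that demo_step is a stand-in for the decrypt and authenticate commands so the example runs offline.

```shell
#!/bin/sh
# Added example (not the agent-id.io skill's code): hardened handling for a
# key-management skill's decrypt-on-use step. Assumptions, not taken from the
# skill's docs: the API is only reached over https at agent-id.io or a subdomain;
# the skill's commands are passed in as arguments and read SECRET_DIR (hypothetical).
set -eu

# Accept an AGENT_ID_API override only if it is https and its host is agent-id.io
# or a subdomain. Returns 0 when acceptable (or unset), 1 otherwise. Conservative:
# userinfo ("user@"), an explicit port, and non-https schemes are all rejected.
check_api_override() {
    url="${1:-}"
    [ -n "$url" ] || return 0                       # no override: built-in default
    host="${url#https://}"
    [ "$host" != "$url" ] || return 1               # scheme was not https
    host="${host%%/*}"                              # drop path
    host="${host%%\?*}"; host="${host%%#*}"         # drop query / fragment
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')    # hostnames are case-insensitive
    case "$host" in
        ''|*@*|*:*) return 1 ;;
    esac
    case "$host" in
        agent-id.io|*.agent-id.io) return 0 ;;
        *) return 1 ;;
    esac
}

# Run "$@" with SECRET_DIR pointing at a fresh 0700 directory (umask 077 so files
# written inside are 0600), then overwrite/remove it whether or not "$@" succeeded.
# Replaces "decrypt to /tmp/keys.json, then remember to rm": no other local user
# can read the directory, and cleanup is not skipped when a step fails.
with_private_tmp() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/agentid.XXXXXX") || return 1
    chmod 700 "$dir"
    status=0
    ( umask 077; SECRET_DIR="$dir"; export SECRET_DIR; "$@" ) || status=$?
    for f in "$dir"/* "$dir"/.[!.]*; do             # best-effort overwrite before unlink
        [ -f "$f" ] || continue
        if command -v shred >/dev/null 2>&1; then shred -u -- "$f"; else rm -f -- "$f"; fi
    done
    rm -rf -- "$dir"
    return "$status"
}

# Stand-in for the skill's decrypt + authenticate steps: writes a constructed
# placeholder (not a real key) and reports the resulting modes and directory.
demo_step() {
    printf 'CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n' > "$SECRET_DIR/keys.json"
    fperm=$(ls -l -- "$SECRET_DIR/keys.json" | cut -c1-10)
    dperm=$(ls -ld -- "$SECRET_DIR" | cut -c1-10)
    printf '%s %s %s\n' "$fperm" "$dperm" "$SECRET_DIR"
}

# In the skill's own terms the call would look like:
#   check_api_override "${AGENT_ID_API:-}" || { echo "unexpected AGENT_ID_API" >&2; exit 1; }
#   with_private_tmp sh -c 'python3 scripts/secure_keyfile.py decrypt agent_keys.json.enc \
#       --out "$SECRET_DIR/keys.json" && python3 scripts/authenticate.py \
#       "$SECRET_DIR/keys.json" --save-token "$SECRET_DIR/agent_token.jwt"'
# Demo run: prints "<file mode> <dir mode> <dir>"; the directory is gone afterwards.
with_private_tmp demo_step
```

The passphrase side is deliberately left to the interactive prompt the skill already labels as preferred; a passphrase in AGENT_KEY_PASSPHRASE is visible to other processes via the environment and tends to end up in shell history, so a wrapper like this should fail closed when no terminal is available rather than fall back to the variable. Shredding is best-effort on copy-on-write or journaling filesystems and on tmpfs; the point of the private directory is that the window of exposure is short and limited to the current user even if the overwrite does nothing.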

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal