ClawHub

IdentyClaw Tools

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to be a disclosed IdentyClaw API wrapper, with sensitive key use limited to optional identity tools and no hidden install, persistence, or local data access behavior found.

Install only if you intend to use IdentyClaw tools. For protected tools, use a dedicated low-risk NEAR key if possible, enable only the optional tools you need, and keep baseUrl set to the official service or another endpoint you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The plugin reads a NEAR private key from configuration or environment and uses it to authenticate to a remote service, but the code provides no user-facing disclosure, consent gate, or trust validation around where that secret is being sent. In an agent-skill context this is sensitive because skills may be installed or invoked without the operator fully realizing that a long-lived signing key is being used for outbound authentication, especially since the base URL is configurable via environment or config.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The plugin is configured with onStartup=true, causing it to activate automatically for every session without any narrowing conditions. In this skill, that increases exposure because the manifest declares tooling related to identity and nonce/verification flows and accepts a sensitive nearPrivateKey configuration, so unnecessary automatic activation enlarges the attack surface and increases the chance of unintended tool availability or misuse.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal