Protagons

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its character-library purpose, but it asks the agent to adopt remote persona instructions and can send a Google API key to the service.

Review any returned SOUL.md before applying it, and do not let character text override normal safety, tool, or user instructions. Use the generation feature only if you are comfortable sending a Google/Gemini API key to api.usaw.ai; prefer a scoped, limited, or throwaway key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill transmits a user-supplied Google API key to a third-party service (api.usaw.ai) for server-side use. Even though the comment says the key is not stored, that is unenforced by this client code; sending raw credentials off-box creates credential exposure, misuse, logging, and trust-boundary risks, especially in an agent skill where users may not realize the key leaves their environment.

Ssd 1

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to fetch externally supplied SOUL.md content and adopt it as its personality for the session, which is a prompt-injection and instruction-hijacking risk. Because the identity content is remote, mutable, and may include adversarial or policy-conflicting instructions, it can override the agent’s normal behavior, manipulate tool use, or coerce unsafe outputs; the presence of 'dark' and 'adversarial' content tiers increases the risk rather than mitigating it.

VirusTotal

66/66 vendors flagged this skill as clean.
