Triumvirate Protocol

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for multi-model debates, but it should be reviewed because it reads local OpenClaw API credentials and sends debate history plus identity-derived context to external AI providers without clear scoping or consent controls.

Review before installing. Use this only with topics, identity snapshots, and thread history you are comfortable sending to Google or xAI under your own API accounts. Check the expected auth profile names and possible API charges, and prefer a version that documents outbound data flows, asks before using stored credentials, supports provider opt-outs, redacts identity data, and offers deletion or retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly describes persistent storage of debate threads and identity-aware context, including beliefs, traits, contradictions, and full history, but provides no warning about retention, sensitivity, or privacy implications. This is dangerous because users may unknowingly provide sensitive personal or organizational information that is stored long-term and reused across future interactions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill states that it orchestrates debates across multiple external AI providers and requires API keys, but does not warn that prompts, identity snapshots, and thread content may be transmitted to third-party services. Because the system is explicitly identity-aware and shares structured identity graphs between participants, the absence of disclosure materially increases the risk of unintended data exposure to external vendors.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script reads API tokens from a local credentials file and silently uses them for outbound requests. In a skill context, accessing secrets and transmitting data off-host without an explicit consent flow or clear disclosure can violate user expectations and increase the chance of unintended credential use.

Missing User Warnings

Medium
Confidence: 97%
Finding
The Gemini call sends the full prompt to an external API, and that prompt can include conversation history plus identity data assembled from local files. This creates a real data-exfiltration path for potentially sensitive local content without any obvious user-facing warning, minimization, or consent step.

Missing User Warnings

Medium
Confidence: 97%
Finding
The Grok integration transmits prompt content to xAI using curl, again without any explicit disclosure or approval step. Because the prompt is built from prior messages and identity information, this can expose extensive local context to a third party unexpectedly.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill persists prompts and model outputs to local files under the user's home directory without clearly informing the user that durable records will be created. While this is local rather than remote exposure, it can still leak sensitive debate content or identity information to other local processes, backups, or later users of the machine.

Ssd 3

Medium
Confidence: 95%
Finding
The prompt builder injects full prior conversation history and identity data for other participants into each round, amplifying the amount of sensitive context shared and retained. In combination with outbound API calls, this broad context accumulation materially increases privacy and data-exposure risk.

Ssd 3

Medium
Confidence: 93%
Finding
The synthesis step asks for a permanent summary of the full transcript and stores it, which increases long-term retention and reproduction of all exchanged content. This magnifies privacy impact and makes later disclosure more damaging if transcripts contain sensitive information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal