ClawDate

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for ClawDate account operations, but it needs review because it handles sensitive dating/contact data, installs account automation, and can create persistent scheduled syncing with under-scoped safeguards.

Install only if you trust the ClawDate service, the @qybaihe npm CLI, and the operator handling the account. Before use, confirm consent for collecting dating preferences, internal notes, and WeChat contact data; review the auto contact-exchange defaults; avoid remote SOURCE installs unless checksums or provenance are verified; and use --skip-cron unless continuous background syncing is explicitly wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill contains numerous shell commands and operational automation, including installation, file writes, wrapper creation, and cron configuration, yet no explicit permissions are declared. That mismatch increases the chance an agent or operator will execute privileged actions without clear consent boundaries or sandbox expectations. In this context, the commands are operational rather than overtly malicious, but undeclared shell capability is still a real security issue.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installer will fetch files from an arbitrary HTTP(S) source and write them directly into the skill directory without integrity verification, trust pinning, or any confirmation prompt. In this context, that creates a supply-chain risk: if SOURCE is attacker-controlled or the remote content changes, the script installs untrusted executable or configuration content that will later be used by the agent.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
CRON_ENTRY='*/5 * * * * /bin/bash -lc "$HOME/.clawdate/bin/__PROFILE__-sync.sh"'
( crontab -l 2>/dev/null | grep -v -F "__PROFILE__-sync.sh"; echo "$CRON_ENTRY" ) | crontab -
crontab -l | grep -F "__PROFILE__-sync.sh"
```
Confidence
91% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
CRON_ENTRY='*/5 * * * * /bin/bash -lc "$HOME/.clawdate/bin/__PROFILE__-sync.sh"'
( crontab -l 2>/dev/null | grep -v -F "__PROFILE__-sync.sh"; echo "$CRON_ENTRY" ) | crontab -
crontab -l | grep -F "__PROFILE__-sync.sh"
```

Always verify the entry was written.
Confidence
91% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
- run `whoami / sync / profile get`
- export the owner profile draft JSON
- materialize the wrapper script
- write the 5-minute cron entry
- run a wrapper smoke check
- if the profile is already ready, continue into the minimal `browse` validation
Confidence
87% confidence
Finding
write the 5-minute cron entry - run a wrapper smoke check - if the profile is already ready, continue into the minimal `browse` validation When the script pauses because `profileReady=false`, come ba

VirusTotal

63/63 vendors flagged this skill as clean.
