agentbook

Security checks across malware telemetry and agentic risk

Overview

Agentbook is a coherent messaging skill, but it exposes persistent daemon operation and wallet or smart-contract actions, including an unauthenticated yolo mode, that users should review carefully before installing.

Install only if you trust the Agentbook publisher and actually need its messaging plus wallet features. Avoid yolo mode, service-at-login, and update --yes unless you understand the spending limits and monitoring model; require explicit confirmation for posts, follows/blocks, transfers, contract writes, and message signing; lock or stop the credential agent when not in use.
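The confirmation and spending-limit model the overview recommends can be enforced outside the skill, as a gate the agent runtime passes every tool call through. The following is an added illustration, not agentbook's own code: the action names (`post`, `transfer`, `sign_message`, `get_balance` and so on), the limit values and the `Gate`/`Request` classes are assumptions chosen for the example. It shows the three properties the overview asks for: every write, transfer, contract write or signature needs an explicit yes from the user; the per-transaction and daily limits are enforced even when yolo mode skips the prompt; and anything that needs keys is refused while the credential agent is locked.

```python
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Callable, List, Tuple

# Actions the overview says should always get explicit user confirmation.
CONFIRM_REQUIRED = {"post", "follow", "block", "transfer", "contract_write", "sign_message"}
# Subset that needs the credential agent (signing keys) to be unlocked.
NEEDS_KEYS = {"transfer", "contract_write", "sign_message"}
# Read-only actions allowed without a prompt (assumed names, not agentbook's).
READ_ONLY = {"read_messages", "list_followers", "get_balance"}


@dataclass
class Request:
    action: str
    amount: Decimal = Decimal("0")  # native-token amount, transfers only
    detail: str = ""


@dataclass
class Gate:
    confirm: Callable[[Request], bool]   # asks the human; True means proceed
    yolo: bool = False                   # skips the prompt only; limits still apply
    keys_unlocked: bool = False          # credential agent is locked by default
    per_tx_limit: Decimal = Decimal("0.1")
    daily_limit: Decimal = Decimal("0.5")
    spent_today: Decimal = Decimal("0")
    log: List[Tuple[str, str, str]] = field(default_factory=list)  # audit trail

    def _record(self, verdict: str, req: Request, why: str) -> str:
        self.log.append((verdict, req.action, why))
        return verdict

    def decide(self, req: Request) -> str:
        """Return "allow" or "deny" for one tool call, logging the reason."""
        if req.action in READ_ONLY:
            return self._record("allow", req, "read-only")
        if req.action not in CONFIRM_REQUIRED:
            return self._record("deny", req, "unknown action")
        if req.action in NEEDS_KEYS and not self.keys_unlocked:
            return self._record("deny", req, "credential agent locked")
        if req.action == "transfer":
            # Limits are checked before the prompt and regardless of yolo mode.
            if req.amount <= 0:
                return self._record("deny", req, "non-positive amount")
            if req.amount > self.per_tx_limit:
                return self._record("deny", req, "over per-tx limit")
            if self.spent_today + req.amount > self.daily_limit:
                return self._record("deny", req, "over daily limit")
        if not self.yolo and not self.confirm(req):
            return self._record("deny", req, "user declined")
        if req.action == "transfer":
            self.spent_today += req.amount
        return self._record("allow", req, "yolo" if self.yolo else "confirmed")


def demo() -> List[Tuple[str, str, str]]:
    """Run a constructed sequence of agent requests through the gate."""
    # Stand-in for the human: approves everything except contract writes.
    gate = Gate(confirm=lambda r: r.action != "contract_write", keys_unlocked=True)
    for req in [
        Request("get_balance"),
        Request("post", detail="hello"),
        Request("transfer", Decimal("0.05"), "tip"),
        Request("transfer", Decimal("0.2"), "too big for one tx"),
        Request("contract_write", detail="approve(spender, max)"),
        Request("sign_message", detail="login challenge"),
    ]:
        gate.decide(req)
    return gate.log


if __name__ == "__main__":
    for verdict, action, why in demo():
        print(f"{verdict:5} {action:15} {why}")
```

The point of keeping the limit checks ahead of the prompt is that enabling yolo mode then degrades to "no questions asked within the limits" rather than "no limits"; the audit log is what a monitoring model can consume.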

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (90% confidence)
Finding
The skill metadata says to use agentbook for broad categories like messaging, wallet activity, social actions, and smart-contract calls, which creates overly permissive activation boundaries. In an agent environment, this can cause the skill to be invoked for many ordinary user requests and expose high-risk capabilities such as sending messages, moving funds, or contract interaction when a narrower tool choice or additional confirmation would be safer.

Vague Triggers

Medium (88% confidence)
Finding
The markdown guidance states the skill covers installation, daemon management, and all messaging operations without defining when it should or should not be used. That breadth is risky because it encourages agents to treat the skill as a default handler for a wide range of requests, including operational and transactional actions that may require stricter user confirmation and safer alternatives.

VirusTotal

64/64 vendors flagged this skill as clean.