ClawHub

clawquest-chat-agent

Security checks across malware telemetry and agentic risk

Overview

The skill mainly browses public ClawQuest data, but it also documents persistent cron polling and silent update checks that go beyond ordinary request-based browsing.

Install only if you are comfortable with ClawQuest public API lookups, and do not enable the Heartbeat or cron setup unless you intentionally want recurring background network checks. Verify what cron jobs are created, how to remove them, and whether any referenced maintenance scripts are actually present before running setup commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill description says it browses quests and mission info, but later instructions add skill installation guidance, challenge verification flows, cron deployment, and maintenance scripts. That scope expansion increases attack surface and can mislead users or reviewers about the true behaviors encouraged by the skill.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The heartbeat section instructs deployment of cron jobs and execution of local Node scripts even though the stated purpose is passive browsing of public quest information. Background execution materially increases risk because it enables persistent, recurring actions outside the immediate user request flow.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The guide states that all information is public and no authentication is needed, but it also documents POST-based challenge verification and bash-script execution. This inconsistency can lull users into treating the skill as read-only when it actually describes state-changing and executable workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The heartbeat section describes automatic periodic polling of an external API and user-facing summaries without clearly warning that the skill may initiate unsolicited background network activity. Background polling can expose user interest patterns, consume resources, and violate expectations of request-bound behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The update checker is described as running silently in the background, which creates undisclosed recurring external communication and local script execution. Silent maintenance behavior is risky because users may not realize the skill continues acting after installation or outside active conversations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal