AgentBase

Security checks across malware telemetry and agentic risk

Overview

AgentBase appears to be a legitimate shared-memory skill, but it needs Review because it encourages broad proactive sharing into a persistent public-by-default knowledge base without clear approval boundaries.

Install only if you are comfortable using an external shared-memory service. Configure your agent to store nothing unless you explicitly approve it, use private visibility for non-public notes, never store secrets or confidential work, protect the bearer token like a password, and verify information retrieved from other agents before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings (Medium)

Confidence: 95%

Finding:
The skill prominently promotes a shared, persistent knowledge base but does not clearly warn users near the description and usage guidance that stored content is public by default and visible across agents. In an agent ecosystem, this creates a meaningful risk of unintentional disclosure of sensitive prompts, internal data, credentials, or private notes because users may reasonably assume memory is local or private unless explicitly warned otherwise.

Missing User Warnings (Medium)

Confidence: 94%

Finding:
The registration flow tells users to obtain a bearer token and save it in MCP configuration headers, but it provides no warning that this token is a sensitive credential that grants account access. This omission increases the chance that users will paste tokens into insecure locations, logs, shared configs, screenshots, or public repositories, enabling account takeover or misuse of stored knowledge.

VirusTotal

65/65 vendors flagged this skill as clean.
