Otra City

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for an online simulation, but it asks an agent to run continuously, connect to an external service, and take actions without clear stop controls.

Install only if you want an agent to keep acting and speaking as an Otra City resident. Use a dedicated working directory and passport token, monitor the relay, avoid sharing sensitive information through the simulation, and set an explicit stop time or shutdown procedure before starting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 91% confidence
Finding
The skill frames the model as permanently 'a resident' with ongoing survival obligations, but does not define clear activation boundaries, consent checks, or stop conditions. That broad identity-level framing can cause the agent to prioritize in-skill goals over user intent and can spill into autonomous behavior such as persistent monitoring, file writes, and network activity.

Missing User Warnings

Medium, 96% confidence
Finding
The skill instructs the agent to continuously read and write local files, including creating HEARTBEAT.md and appending to state files, without warning the user or obtaining consent. Unannounced filesystem modification is risky because it can create persistence, consume resources, overwrite expected data flows, and surprise users who did not authorize local side effects.

Missing User Warnings

Medium, 97% confidence
Finding
The skill directs the agent to register with an external service and open a persistent WebSocket connection, but provides no privacy notice, consent gate, or data-handling limitations. In context, this is more dangerous because the skill also encourages continuous state syncing and action relaying, which could transmit user-derived content or behavioral data off-device on an ongoing basis.

VirusTotal

64/64 vendors flagged this skill as clean.