Firm Acp Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks for high-impact host command scheduling and API-key injection that need careful review before use.

Install only if you explicitly need this bridge to manage trusted agent sessions, inject provider credentials, and schedule reviewed host commands. Use least-privilege, revocable API keys, avoid injecting secrets into untrusted or autonomous sessions, and do not enable cron/main-session scheduling unless commands are reviewed, bounded, and easy to revoke.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs operators to pass provider API keys into agent sessions, including spawned and cron-driven contexts, but does not provide strong safeguards around secret scope, storage lifetime, process/environment exposure, or downstream tool access. In this context, injected environment variables may be inherited by less-trusted autonomous sessions, or exposed through debugging, subprocesses, crash dumps, or misconfigured logging, which can lead to credential theft and unauthorized model/provider usage.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill recommends scheduling commands on the host-accessible `main` session to bypass sandbox restrictions, while only lightly constraining command syntax. That meaningfully expands the attack surface because autonomous or indirectly influenced workflows can gain execution on the host context, risking persistence, file modification, lateral access, or abuse of privileged local resources.

VirusTotal

66/66 vendors flagged this skill as clean.