Didit Verification Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Didit administration skill, but it can change or delete sensitive identity-verification data and prints powerful credentials to terminal output.

Install only if you intend to let an agent administer a Didit account. Use a least-privilege or test key when possible, require explicit human approval before delete_all, user/session deletion, status overrides, billing, webhook, or blocklist actions, and avoid running setup/login commands in logged or shared terminals unless you are prepared to rotate any exposed keys or tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
This section documents irreversible session deletion and batch deletion, including a delete_all option, without requiring confirmation, dry-run behavior, or a prominent destructive-action warning. In an agent setting, that materially increases the chance of accidental or prompt-induced mass deletion of sensitive identity-verification records.

Missing User Warnings

Medium
Confidence: 90%
Finding
The user deletion endpoints allow batch deletion and delete_all semantics but do not prominently warn that the action can irreversibly remove user records and associated verification history. Because this skill is an administrative surface over identity data, insufficient warning increases the risk of damaging privacy, compliance, and operational data integrity.

Missing User Warnings

Medium
Confidence: 97%
Finding
After verification, the script prints the returned API key directly to stdout and even emits an export command containing the secret. This is dangerous because terminal output may be captured in shell history, logs, CI job output, screen recordings, or shared terminal sessions, exposing credentials that grant API access to the Didit account.

Credential Access

High
Category: Privilege Escalation
Content
    elif args.command == "login":
        result = login(args.email, args.password)
        print(json.dumps(result, indent=2))
        print(f"\n--- Login successful. Access token expires in {result.get('expires_in', '?')}s ---")


if __name__ == "__main__":
Confidence: 96%
Finding
Access token

VirusTotal

66/66 vendors flagged this skill as clean.
