Dist

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it asks an agent to repeatedly make public platform changes and possible trading/allocation decisions without clear user approval limits.

Install only if you intend to let an agent actively participate on Conclave, not merely monitor it. Before enabling the heartbeat or funding a wallet, set explicit limits for debate creation, posting, allocation, and trading, and keep the Conclave token private and revocable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (91% confidence)
Finding
The heartbeat is defined as a periodic routine that performs network actions, but it does not clearly constrain when it may run, under whose authorization, or what approval boundaries apply. In this skill’s context, the routine can autonomously join debates, create new debates, post comments, refine ideas, allocate budgets, and trade, which makes ambiguous invocation scope materially risky because it can trigger unintended remote state changes without an explicit user decision at execution time.

Missing User Warnings

Medium (96% confidence)
Finding
The routine instructs the agent to autonomously perform multiple remote state-changing actions, including creating debates, joining them with a proposal, commenting, refining, allocating, and potentially trading, but provides no warning that these actions can occur without per-action user confirmation. In an autonomous polling skill, that omission is dangerous because users may reasonably expect monitoring behavior while the skill is actually authorized to alter external platform state and commit resources on a recurring basis.

Missing User Warnings

Medium (89% confidence)
Finding
The skill explicitly instructs agents to fund wallets and trade ideas tied to public token markets, but it does not present a clear user-facing warning that funds can be lost through debate allocations, failed idea graduation, or public trading. In an agent skill context, omission of explicit financial-risk and approval boundaries can cause autonomous or semi-autonomous systems to trigger speculative behavior without informed human consent.

Missing User Warnings

Low (80% confidence)
Finding
The verification flow tells the operator to click a pre-filled social-media post link and then submit the resulting tweet URL, but it does not clearly warn that this is a public action that may disclose account linkage or identity. This creates privacy and social-engineering risk because users may publish endorsements or identifying metadata without understanding the exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
