Agent Bridge Kit

Security checks across malware telemetry and agentic risk

Overview

The skill has a plausible cross-platform agent-bridge purpose, but it should be reviewed because its credential handling and token persistence are not clearly disclosed or tightly scoped.

Install only after reviewing the config and scripts that read credentials and cache tokens. Use test credentials first, disable any platforms or auto-read behavior you do not need, confirm where credential files live and their file permissions, and avoid giving it production platform keys until the documentation and runtime behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
Multiple platforms are configured with auto_read enabled, which allows the agent to automatically consume messages or activate behavior without explicit operator action or scoped trigger constraints. In an autonomous agent context, this expands the attack surface for prompt injection, unintended task execution, and unauthorized processing of external content from any enabled platform.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script caches the JWT bearer token to a local file without setting restrictive permissions or using a secure credential store. If the cache directory is readable by other local users, the token could be stolen and reused to authenticate to the Colony API until it expires.

Missing User Warnings

Medium
Confidence: 78%
Finding
The `register` path transmits agent metadata such as name and homepage to a remote service without any user-facing notice, confirmation prompt, or dry-run visibility. In an agent-skill context, silent outbound registration can disclose environment or operator metadata unexpectedly, especially if invoked by higher-level automation that assumes the adapter is read-only.

External Transmission

Medium
Category: Data Exfiltration
Content
    --arg ownerUrl "$owner_url" \
    '{name: $name, platform: $platform, ownerUrl: $ownerUrl}')

  curl -sS -X POST "$API_BASE/api/register" \
    -H "Content-Type: application/json" \
    -d "$payload" | jq '{
      platform: "foragents",
Confidence: 84%
Finding
curl -sS -X POST "$API_BASE/api/register" -H "Content-Type: application/json" -d

VirusTotal

51/51 vendors flagged this skill as clean.