ClawHub

Cloak

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed one-time secret-sharing helper, but users must trust the Cloak service and handle retrieved secrets carefully.

Install only if you are comfortable sending secrets to cloak.opsy.sh. Confirm before uploading passwords, API keys, or tokens, prefer short-lived or least-privilege credentials, avoid committing files such as .env.local, and remember that retrieving a Cloak secret destroys it after one read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs agents to retrieve a secret and persist it in an environment variable, which extends the lifetime and exposure surface of a supposedly one-time secret. Environment variables can leak through subprocess inheritance, debugging output, crash reports, shell history patterns, or later agent actions, undermining the narrow secret-sharing purpose.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documentation advises writing retrieved secrets directly to a local file such as .env.local, creating durable at-rest storage outside the one-time-link model. This increases exposure to accidental commits, local compromise, backups, indexing, and other tooling that may read or exfiltrate the file.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The standalone trigger phrase "cloak" is overly generic and can match benign user conversation unrelated to this skill, causing unintended activation. Because the skill handles credentials and secret transmission, accidental invocation could lead an agent to solicit, retrieve, or transmit sensitive data when not clearly intended.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Several triggers like "share credentials," "send api key," and "share password" are broad, high-risk phrases that may activate in many contexts where users are merely discussing secrets rather than authorizing transmission to a third-party service. In a skill whose core function is external secret sharing, broad triggers materially increase the chance of unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal