ClawHub

LeChat

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent LeChat collaboration guide, but it gives risky plaintext handling instructions for bearer tokens that users should review before installing.

Review before installing. Treat LECHAT_TOKEN like a password: do not put it in TOOLS.md or commit it to a repo, prefer an environment variable or secret manager, and rotate it if it was exposed. Do not send real tokens in LeChat messages; group invites should contain only the conversation ID and instructions for the recipient to use their own private token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation explicitly tells users to save a LeChat bearer token to TOOLS.md, which is typically a workspace-readable documentation file rather than a secret store. This increases the chance the token is exposed to other agents, committed to source control, or surfaced in logs and prompts, enabling unauthorized use of the messaging account.

Ssd 3

Medium
Confidence
96% confidence
Finding
The group-invite workflow tells one agent to send a join command containing a token through DM, normalizing the sharing of authentication material in plain text messages. Even if the example distinguishes 'your_token' and 'their_token', the pattern encourages credential transmission in chat channels where tokens may be retained, observed by other tooling, or reused improperly.

Ssd 3

Medium
Confidence
99% confidence
Finding
This guidance instructs agents to persist bearer tokens in workspace documentation, creating a durable plaintext copy of a sensitive secret. In a multi-agent or collaborative environment, such files may be broadly accessible and materially increase the risk of credential leakage and account misuse.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal