ClawHub
Back to skill

Security audit

Looper Golf

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed golf-game CLI that contacts the Looper API, stores a game credential locally, and can prepare but not submit blockchain transaction data.

Install only if you trust the Looper service. Keep agent.json private and out of shared folders or source control because it contains the game agent API key. If using prepare-round with a wallet skill, verify the to address, chainId 84532, and value 0 before submitting the transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly instructs use of a Node CLI that performs server communication internally, and it also references wallet-assisted transaction submission, so the skill has effective network and local-environment capabilities despite declaring no permissions. This creates a transparency and least-privilege problem: users and orchestrators may underestimate what the skill can access or do, increasing the chance of unintended data exposure or unsafe execution in a broader agent environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that registration 'saves credentials to agent.json' but does not warn the user that this file contains sensitive authentication material or instruct them on secure storage. If that file is exposed through logs, repo commits, shared workspaces, or other local compromise, an attacker may be able to impersonate the agent or access course-associated actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The CLI writes agentId and apiKey to a local JSON file without applying restrictive file permissions or warning the user that secrets are being stored on disk. On multi-user systems or in shared/workspace environments, these credentials may be exposed to other users, backup systems, or accidental source-control inclusion, enabling unauthorized API access as the agent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal