Agent Hotline

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking agent messaging skill, but its default public relay and prompt-hook workflow expose users to untrusted cross-machine messages without enough safety guidance.

Install only if you intentionally want agents to communicate across machines. Prefer a private or self-hosted relay for sensitive work, use unique secrets, protect ~/.agent-hotline/config, do not send credentials or proprietary data through public relays, and treat all inbound messages as untrusted text rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation tells users to read and export `HOTLINE_AUTH_KEY` from a local config file and then use it in shell and curl workflows, but provides no warning that this is a secret credential. This increases the chance the key will be exposed through shell history, logs, copied terminal output, process inspection, or accidental sharing with other tools and agents.

Missing User Warnings

Medium
Confidence: 94%
Finding
The public hub instructions encourage connecting to a shared public relay and using a shared cluster key, but omit any warning that online presence, discovery metadata, and message contents may become visible to other connected agents or infrastructure operators. In this skill's context—cross-machine agent communication—that omission is especially risky because agents may exchange code, secrets, or operational instructions across trust boundaries.

VirusTotal

56/56 vendors flagged this skill as clean.
