ClawHub

Coherence Network

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Coherence Network integration, but users should treat its remote writes, identity linking, staking, and agent-task features as intentional opt-in actions.

Install only if you trust the Coherence Network service and its npm packages. Leave COHERENCE_API_KEY unset for read-only use, confirm any stake/fork/identity/contribution/task action before it runs, and treat federation inbox or command messages as untrusted until you verify the sender and intent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains broad, everyday terms such as 'trust', 'freedom', 'collaboration', 'portfolio', and 'assets' that are not uniquely tied to this skill. In an agent ecosystem, this can cause unintended auto-activation in unrelated contexts, increasing the chance the skill initiates external API interactions or steers workflows without user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes write-capable tools such as identity linking and contribution recording, and notes that an API key enables write operations, but it does not warn users that invoking these tools can modify remote state. In an agent-integrated MCP context, this is dangerous because users may assume tools are read-only and an autonomous agent could trigger state-changing actions against a live service without explicit user awareness or confirmation.

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "$CN_API/api/ideas/IDEA-ID/tasks" | jq .

# Actions (write)
curl -s "$CN_API/api/ideas/select" -X POST -H "Content-Type: application/json" -d '{"temperature": 0.5}' | jq .
curl -s "$CN_API/api/ideas/IDEA-ID/stake" -X POST -H "Content-Type: application/json" -d '{"contributor_id":"alice","amount_cc":10}' | jq .
curl -s "$CN_API/api/ideas/IDEA-ID/fork?forker_id=alice" -X POST | jq .
```
Confidence
89% confidence
Finding
curl -s "$CN_API/api/ideas/select" -X POST -H "Content-Type: application/json" -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Actions (write)
curl -s "$CN_API/api/ideas/select" -X POST -H "Content-Type: application/json" -d '{"temperature": 0.5}' | jq .
curl -s "$CN_API/api/ideas/IDEA-ID/stake" -X POST -H "Content-Type: application/json" -d '{"contributor_id":"alice","amount_cc":10}' | jq .
curl -s "$CN_API/api/ideas/IDEA-ID/fork?forker_id=alice" -X POST | jq .
```
Confidence
95% confidence
Finding
curl -s "$CN_API/api/ideas/IDEA-ID/stake" -X POST -H "Content-Type: application/json" -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Link any identity (37 providers: github, discord, telegram, ethereum, solana, nostr, linkedin, orcid, did, ...)
curl -s "$CN_API/api/identity/link" -X POST -H "Content-Type: application/json" \
  -d '{"contributor_id":"alice","provider":"github","provider_id":"alice-dev"}'

# List all providers
Confidence
96% confidence
Finding
curl -s "$CN_API/api/identity/link" -X POST -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Record a contribution using provider identity instead of contributor_id
curl -s "$CN_API/api/contributions/record" -X POST -H "Content-Type: application/json" \
  -d '{"provider":"github","provider_id":"alice-dev","type":"code","amount_cc":5}'
```
Confidence
91% confidence
Finding
curl -s "$CN_API/api/contributions/record" -X POST -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "$CN_API/api/agent/tasks?status=pending&limit=10" | jq '.tasks[] | {id, task_type, direction, context}'

# Claim a task
curl -s "$CN_API/api/agent/tasks/TASK-ID" -X PATCH -H "Content-Type: application/json" \
  -d '{"status":"running","worker_id":"my-node"}'

# Report result
Confidence
97% confidence
Finding
curl -s "$CN_API/api/agent/tasks/TASK-ID" -X PATCH -H "Content-Type: application/json" \ -d '{"status":"running","worker_id":"my-node"}' # Report result curl -s "$CN_API/api/agent/tasks/TASK-ID" -X

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal