Ai Company

Security checks across malware telemetry and agentic risk

Overview

This is a coherent automation scaffold, but it asks users to wire up credentials, scheduled jobs, deployment, email, and social posting without enough safety boundaries.

Review this as a high-impact prototype, not a finished autonomous company. Install only in an isolated workspace first, use throwaway or least-privilege accounts, keep social posting, email sending, deployment, and cron jobs disabled until reviewed, and add human approval gates, rate limits, logging, privacy controls, and rollback plans before any production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The skill markets itself as a fully autonomous AI company operating continuously and profitably, but the content mainly describes scaffolding, examples, cron scheduling, and local JSON-based simulations rather than a safe, bounded implementation. This mismatch can mislead users into over-trusting immature automation, increasing the chance they deploy uncontrolled workflows, expose credentials, or hand business actions to code that lacks real safeguards.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The README promotes autonomous scanning of GitHub, Reddit, and Twitter plus automated customer acquisition, but it omits basic safety constraints such as respecting platform terms, privacy expectations, rate limits, and anti-spam/account-abuse risks. In the context of an 'autonomous AI company' skill, that omission is more dangerous because users are being encouraged to deploy persistent automated external actions that can quickly violate third-party policies or mishandle personal data at scale.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The setup flow instructs users to copy a .env file, add API keys, run tests, and start the system without warning that the credentials will enable live external API access and potentially autonomous actions. In this skill's context, that increases risk because users may unknowingly launch real scans, requests, or customer-facing behavior using privileged tokens before understanding scope, billing, or data exposure.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill encourages automated scanning of external platforms and automated sales/marketing outreach without discussing consent, rate limits, platform terms, privacy obligations, or handling of collected personal data. In practice, this can lead to unauthorized scraping, spam-like outreach, and improper collection or storage of user information.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The workflow documentation includes automatic MVP implementation, testing, and deployment to production as part of a triggered pipeline, but provides no guardrails around change approval, secrets handling, rollback validation, or user/data impact. This makes the context more dangerous because the skill is explicitly designed for unattended operation on live systems.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documentation exposes an email-sending capability but does not warn that using it may transmit user or third-party data to external recipients. In an autonomous AI-company skill, this increases the risk of unintended outbound communications, spam, privacy violations, or data leakage because agents may act without clear human approval boundaries.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The social-media posting API is documented as a normal capability without warning that posted content becomes public and may reveal sensitive business or personal information. Given the skill's autonomous marketing context, this omission makes accidental reputational harm, policy violations, and irreversible public disclosure more likely.

VirusTotal

66/66 vendors flagged this skill as clean.