Loudy.ai Auto Task

Security checks across malware telemetry and agentic risk

Overview

The core Loudy.ai task workflow is understandable, but the skill needs review because it combines account-mutating API use with an unsafe installer and guidance toward a separate Twitter-posting skill that is not clearly disclosed in the main description.

Install only if you are comfortable giving this skill a Loudy.ai API key and allowing it to submit task links you approve. Prefer the reviewed package over the curl-to-bash installer; if using install.sh, inspect or pin the source first and be aware it may delete an existing install directory. Treat the suggested Binance/Twitter posting skill as a separate, higher-risk installation that needs its own review and consent before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill declares no explicit permissions while its documented behavior clearly requires environment-variable access, network calls to an external API, and shell-level cron setup. This mismatch can mislead users and policy engines about what the skill is capable of, reducing transparency and weakening consent and review controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documentation claims the skill only interacts with loudy.ai and does not include Twitter/X auto-posting, yet the analysis reports additional behavior involving external Binance-related guidance and periodic cron-based polling with workspace marker files. A description-behavior mismatch is dangerous because users may authorize the skill under false assumptions, enabling broader automation and persistence than advertised.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script conditionally prints detailed operational instructions for installing and using a separate Binance skill to auto-generate and post to X/Twitter, which conflicts with the skill metadata claiming it does not include Twitter/X auto-posting functionality. This creates a deceptive trust boundary: users may rely on the manifest while the code actively funnels them into a social-posting automation workflow and external third-party code.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script unconditionally runs 'rm -rf loudy-ai-auto-task' if the target directory exists, without confirmation, backup, or validation that the path is the expected installation target. If INSTALL_DIR is misconfigured or points to a sensitive location, this can destroy existing data or code and makes recovery difficult.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Method 1: use the workspace install path (recommended)
SKILL_DIR="/root/.openclaw/workspace/skills/claw-loudyai-skill"
(crontab -l 2>/dev/null; echo "*/5 * * * * $SKILL_DIR/scripts/cron_check.sh") | crontab -

# Method 2: if installed to the system path
(crontab -l 2>/dev/null; echo "*/5 * * * * /usr/lib/node_modules/openclaw/skills/loudy-ai-auto-task/scripts/cron_check.sh") | crontab -
```
Confidence
90% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
(crontab -l 2>/dev/null; echo "*/5 * * * * $SKILL_DIR/scripts/cron_check.sh") | crontab -

# Method 2: if installed to the system path
(crontab -l 2>/dev/null; echo "*/5 * * * * /usr/lib/node_modules/openclaw/skills/loudy-ai-auto-task/scripts/cron_check.sh") | crontab -
```

### 3. Configure Heartbeat notifications (optional)
Confidence
90% confidence
Finding
crontab -l

VirusTotal

64/64 vendors flagged this skill as clean.
