miso

Security checks across malware telemetry and agentic risk

Overview

MISO is a coherent Telegram mission-control skill, but it can automatically broadcast mission details to a fixed Telegram channel and uses a hardcoded local bot-token config path without enough user control.

Review before installing. Replace the hardcoded bot-token path and fixed chat IDs with your own configuration, use a dedicated Telegram bot with only the permissions needed, and treat all MISO channel posts as visible to every channel member. Enable posting only for workspaces where mission names, agent counts, and key insights are safe to share, and define retention or backup behavior for the local .miso-state.json file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding
The specification enables automatic posting of mission start/completion details to a public or team-facing Telegram channel without any explicit user-facing notice, consent flow, or visibility control. Even though the document excludes some fields like cost and error details, mission descriptions, agent counts, and extracted insights can still disclose sensitive operational, customer, or internal project information to an unintended audience.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding
The design explicitly resets a persistent state file to `{}` as part of a daily archive flow, but the document provides no user disclosure, confirmation, backup, or recovery mechanism. Even if intended housekeeping, silent deletion of coordination state can cause loss of task-tracking context, break auditability, and make it difficult to recover or investigate prior mission activity.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding
The skill specifies automatically sending mission status, agent identities, and summarized findings to a Mission Control channel, but it does not require any user notice, consent, or data-minimization step before transmitting potentially sensitive task content. In an agent orchestration context, findings may contain secrets, internal project details, or security-relevant output, so automatic publication to a shared channel creates a real confidentiality risk.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding
The article explicitly describes automatic posting to a shared channel when missions start or complete, but provides no warning about disclosure of task names, statuses, or possibly sensitive work context. In an agent skill context, this can leak operational or user data to unintended audiences if enabled by default or used in shared environments.

Missing User Warnings
Severity: Low
Confidence: 85%
Finding
Example 1 depicts automated collection of target code changes and generation of review artifacts without clearly warning the user that their code and related outputs will be processed automatically. While this is only example/documentation content, normalizing silent collection and artifact generation can mislead users about data handling and consent expectations.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding
Example 3 describes a GitHub Issues sync against api.github.com without warning that the action performs external network access and may transmit repository metadata or contents to a third-party service. In agent skills, undocumented outbound access is security-relevant because users may not realize when external APIs are being contacted or what data leaves their environment.

Autonomous Decision Making
Severity: Medium
Category: Excessive Agency
Content
🤖 𝗠𝗜𝗦𝗦𝗜𝗢𝗡 𝗖𝗢𝗡𝗧𝗥𝗢𝗟
↳ 🧩 𝗘𝗫𝗔𝗠𝗣𝗟𝗘 𝟭 𝗖𝗢𝗗𝗘 𝗥𝗘𝗩𝗜𝗪 𝗠𝗜𝗦𝗦𝗜𝗢𝗡
📋 3 agents (linter, reviewer, security-checker)
📋 Phases: INIT → RUNNING → COMPLETE (no approval gate)
——————————————
⏳ INIT
▓░░░░░░░░░░░░░░░░ 0%
Confidence: 88%
Finding
No approval gate: the mission advances INIT → RUNNING → COMPLETE automatically, without a human approval step between phases.

VirusTotal

66/66 vendors flagged this skill as clean.
