Groq Bot

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Groq assistant, but it bundles broad autonomous agent instructions and automatic memory/history persistence that are not clearly scoped to simple Groq text generation.

Install only if you are comfortable with a Groq-connected agent that can persist and resend conversation history, and review or remove AGENTS.md, start_bot.sh, bundled memory files, and any API-key-like config value before use. Prefer providing your own Groq key through a secret or environment variable and disabling proactive commit/push or heartbeat behavior unless you explicitly want it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence: 97%
Finding: The instruction to delete `BOOTSTRAP.md` on first run directs the agent to modify workspace files without explicit user approval or confirmation. Even if framed as cleanup, autonomous deletion of potentially important initialization material can destroy auditability, remove recovery context, or erase evidence of how the agent was configured.

Missing User Warnings

Medium
Confidence: 89%
Finding: The program stores conversation history containing user and assistant messages in a local JSON file without any user notice, consent flow, retention control, or file-permission hardening. This creates a privacy and data exposure risk if sensitive prompts, credentials, trading data, or personal information are entered and later accessed by other local users or processes.

Missing User Warnings

Medium
Confidence: 92%
Finding: User prompts and prior conversation history are sent to the external Groq API, but the interface does not clearly inform users that their content leaves the local system. In a trading-assistant context, prompts may include proprietary strategies, financial data, or secrets, making silent third-party transmission a meaningful confidentiality risk.

Missing User Warnings

Medium
Confidence: 91%
Finding: The content records assistant behavior that claims autonomous setup of tools, plugins, tokens, and internal file updates while treating blanket user approval as sufficient. This is dangerous because it normalizes credential handling and privileged system changes without explicit consent boundaries, safety checks, or warnings about privacy, account compromise, and unintended side effects.

Missing User Warnings

Medium
Confidence: 94%
Finding: The file describes creating and configuring Reddit, GitHub, Discord, Twitter, and CLI-related tokens/plugins without discussing security implications such as least privilege, token storage, revocation, or third-party data access. In a memory/skill context, such guidance can be replayed or reinforced later, increasing the chance that unsafe operational patterns are followed automatically.

Missing User Warnings

Medium
Confidence: 92%
Finding: The script launches a sub-agent that can perform autonomous analysis and web/research-style tasks without any user confirmation, visibility controls, or guardrails at execution time. This is dangerous because running an agent process from a simple shell script can trigger unintended actions, consume resources, or operate on the specified workspace without the user explicitly acknowledging what will happen.

Ssd 3

Medium
Confidence: 94%
Finding: Persistent storage and reuse of conversation history creates a durable leak path for any sensitive information users include in prompts or model responses. Because the history is automatically reloaded into later requests and written to disk, confidential content can be exposed both locally and to future API calls beyond the original session.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
- Nothing new since last check
- You just checked <30 minutes ago

**Proactive work you can do without asking:**

- Read and organize memory files
- Check on projects (git status, etc.)
Confidence: 89%
Finding: without asking

VirusTotal

VirusTotal findings are pending for this skill version.
