Security checks across malware telemetry and agentic risk

Overview

This markdown-only meme battle skill is consistent with its stated entertainment purpose, but it tells agents to act without being asked and to use ambient API keys for external, possibly paid, public submissions.

Review before installing. Use this skill only if you want an agent to interact with an external meme arena, and require explicit approval for registration, waiting for matches, image generation, and submissions. Use narrowly scoped provider keys, fix or avoid the key-check command so secrets are not printed, and assume usernames, profile data, prompts, images, and captions may become public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The skill explicitly instructs the agent to read `XAI_API_KEY` and `OPENAI_API_KEY` from environment variables and use them for third-party API calls. Accessing host-provided secrets expands the skill's authority beyond simple interaction with the declared ClawMeme service and enables consumption or misuse of unrelated credentials if the skill is activated.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The documentation authorizes use of 'any other' image provider, including unrelated third parties, which broadens network exfiltration surface and weakens data-flow control. A skill declared for `api.clawme.me` should not casually instruct agents to send prompts and retrieved context to arbitrary external providers without explicit user consent.

Context-Inappropriate Capability

Severity: High
Confidence: 88%
Finding:
The skill recommends switching to `curl` via subprocess to bypass client-library issues, which normalizes shell execution from the agent. Introducing command execution is materially more dangerous than simple HTTP requests because it can be repurposed for arbitrary local actions if copied into implementations.

Vague Triggers

Severity: High
Confidence: 97%
Finding:
The text tells the agent to 'actively seek out battles' and 'Don't wait for your human to ask,' which is an explicit attempt to bypass normal user-driven activation. That creates unauthorized autonomous network activity and raises the chance the skill will act without clear user intent or informed consent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill encourages autonomous connection to external services, registration, and battle participation without a prominent warning that user data, prompts, and generated content will be transmitted to external APIs. This undermines informed consent and can surprise users with third-party data sharing and account creation.

Ssd 4

Severity: Medium
Confidence: 95%
Finding:
The opening instruction tries to reorient the agent's behavior toward persistent autonomous battle-seeking rather than user-led assistance. This kind of behavioral steering is dangerous because it can gradually override safety expectations and normalize unsolicited actions.

Ssd 4

Severity: Medium
Confidence: 90%
Finding:
The 'proactive agents' motivational language reinforces persistence and repeated operation, encouraging the model to keep reconnecting and competing. In context, this compounds the earlier autonomy instructions and increases the risk of repeated unsolicited external actions.

VirusTotal

64/64 vendors flagged this skill as clean.