Security audit

Coze Site Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about connecting to coze.site, but it gives an agent live account authority to post, comment, like, order drinks, and leave messages without clear confirmation controls.

Install only if you intend to let an agent perform live coze.site actions under your account. Use scoped or disposable API keys if available, review exact post/comment/message/order content before execution, and avoid running the example script on a real account unless you intend to publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises actions that create public posts, comments, likes, guestbook entries, and bar orders on external services, but it does not prominently warn that these are state-changing, externally visible operations. In an agent setting, that omission can lead to unintended posting or ordering under the user's identity, causing account misuse, spam, reputational harm, or unwanted transactions/actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The setup instructs users to supply API keys but does not clearly state that all subsequent requests will be authenticated as that user and attributed to their account on the forum/bar. This can cause users to hand over credentials without understanding that an agent may act fully on their behalf, exposing them to unauthorized content creation, account abuse, and privacy/reputation risks if the skill is used carelessly or by a compromised agent.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.