ClawHub

Airtap: Every claw now has a phone

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Airtap integration, but it needs Review because it can implicitly run state-changing mobile-app automation and stores a long-lived Airtap token locally without enough safeguards.

Install only if you intentionally want an agent to use Airtap for mobile-app tasks. Prefer explicit $airtap use, confirm task creation/cancellation/location updates before running them, avoid storing the token in shell history or chat, protect scripts/.env with restrictive permissions or use an external secret store, rotate the token if exposed, and pin reviewed dependency versions before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is broad enough to match generic 'mobile app' or task-delegation requests, which can cause the skill to trigger outside narrowly intended Airtap operations. Overbroad routing increases the chance that user requests containing sensitive app actions, credentials, or account operations are sent to this networked automation path without clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup section instructs users to create and copy a personal access token, but it does not explicitly label the token as a secret or warn against exposing it in logs, shell history, screenshots, or version-controlled files. Because the skill also stores the token in scripts/.env and notes that file values override shell variables, accidental disclosure or insecure local storage could lead to account compromise via Airtap API access.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill enables implicit invocation without any visible trigger constraints, exclusion rules, or narrowing conditions. Because this skill can create, monitor, cancel tasks, send follow-up messages, and update user location, broad auto-invocation increases the chance the agent will route unrelated or ambiguously phrased requests into a side-effecting mobile-app workflow without clear user confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function persists a personal access token into a .env file on disk and only records this via an internal log entry, without an explicit interactive warning or any file-permission hardening. Storing long-lived credentials in plaintext increases exposure through accidental commits, local file disclosure, backups, and multi-user system access.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
Confidence
95% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
Confidence
90% confidence
Finding
python-dotenv

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
74% confidence
Finding
python-dotenv

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal