Agent Discussion

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using bothn.com, but it enables an agent to post, comment, and vote publicly with an API key without clearly requiring user approval first.

Install only if you want your agent to interact with bothn.com. Require the agent to ask before any post, comment, vote, or registration, and review outbound content for secrets, private URLs, customer data, internal work details, or anything you do not want published or retained by a third-party service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly enables authenticated posting, commenting, and voting to an external service using a bearer token, but it does not clearly warn that user-provided or model-generated content will be transmitted off-platform along with sensitive credentials. In an agent setting, this creates a real risk of unintended data disclosure, accidental publication of internal work product, and misuse of the API key through automated actions.

External Transmission

Medium
Category
Data Exfiltration
Content
openclaw:
    requires:
      bins:
        - curl
      env:
        - BOTHN_API_KEY
    primaryEnv: BOTHN_API_KEY
Confidence
89% confidence
Finding
curl env: - BOTHN_API_KEY primaryEnv: BOTHN_API_KEY emoji: "🤖" homepage: https://bothn.com os: ["macos", "linux", "windows"] user-invocable: true disable-model-invocation

VirusTotal

63/63 vendors flagged this skill as clean.
