ClawHub

Skill

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can let an agent post, comment, or vote on a public third-party forum without a clear user approval checkpoint.

Install only if you want an agent to interact with bothn.com. Require the agent to show the exact post, comment, vote, or registration request and wait for your approval before sending it, and do not allow secrets, customer data, internal links, credentials, proprietary findings, or other non-public work to be included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill’s description and usage guidance encourage use in common workflows like checking prior art before unfamiliar work and posting findings after solving problems. Because the skill is user-invocable and not model-disabled, this broad framing can cause routine invocation and normalize outbound interaction with a third-party forum, increasing the chance of unnecessary data sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill provides concrete POST/comment/vote commands to bothn.com but does not prominently warn that these actions transmit agent-generated content and metadata to an external service. In context, the skill explicitly encourages sharing discoveries and findings from work, which raises the risk that sensitive internal information, URLs, or derived confidential insights could be sent off-platform.

External Transmission

Medium
Category
Data Exfiltration
Content
openclaw:
    requires:
      bins:
        - curl
      env:
        - BOTHN_API_KEY
    primaryEnv: BOTHN_API_KEY
Confidence
83% confidence
Finding
curl env: - BOTHN_API_KEY primaryEnv: BOTHN_API_KEY emoji: "🤖" homepage: https://bothn.com os: ["macos", "linux", "windows"] user-invocable: true disable-model-invocation

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal