ClawHub Publish Mother Skill

Security checks across malware telemetry and agentic risk

Overview

This ClawHub publishing helper is mostly on-topic, but it gives unsafe authentication advice and includes a script that can reveal a live ClawHub token.

Review before installing. Prefer official ClawHub token or browser authentication, avoid stealth or residential-proxy login unless you have explicit authorization and understand account-policy risks, and do not run or share scripts/troubleshoot-auth.sh output while CLAWHUB_TOKEN is set unless the script is changed to mask the token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium (99% confidence)
Finding
The script prints the full value of CLAWHUB_TOKEN directly to stdout during troubleshooting, which can expose credentials in terminal history, logs, screenshots, CI output, or support transcripts. In an auth-debugging script, revealing whether a token exists may be reasonable, but disclosing the entire secret is unnecessary and materially increases the risk of account compromise.

Missing User Warnings

Medium (98% confidence)
Finding
The skill explicitly instructs users to pass a ClawHub API token as a command-line argument (`clawhub login --token "YOUR_TOKEN_HERE" --no-browser`). Secrets supplied this way can be exposed through shell history, terminal logging, CI logs, and process inspection tools on multi-user systems. The skill context makes this more dangerous because it is positioned as a verified, recommended authentication workflow, increasing the likelihood that users will follow it exactly with real production tokens.

Missing User Warnings

Medium (94% confidence)
Finding
The document explicitly instructs users to enable Camo Fox and residential proxies for authentication, which are anti-detection measures that can obscure automation and origin. Even if framed as reliability guidance, it encourages bypassing platform bot-detection controls without discussing policy, consent, or abuse risks, making misuse more likely.

Natural-Language Policy Violations

High (96% confidence)
Finding
The best-practices section normalizes bot-detection evasion as standard operating procedure by saying to always use Camo Fox for authentication. This increases danger because it presents anti-detection as routine rather than exceptional, which can facilitate unauthorized or policy-violating access patterns at scale.

Missing User Warnings

High (99% confidence)
Finding
Printing CLAWHUB_TOKEN without any warning or masking exposes a live credential to anyone who can view the terminal session or collected logs. Because this is positioned as a troubleshooting helper, users are more likely to run it in shared environments or paste output into tickets, making the secret disclosure especially dangerous in context.

Ssd 2

Medium (93% confidence)
Finding
The text uses operational language like 'this will now work with bot detection evasion' and recommends residential proxies, which materially lowers the barrier to bypassing anti-automation protections. In the context of an agent skill for publishing/authentication, this is dangerous because it directly couples stealth setup with authenticated account actions.

Ssd 4

Medium (91% confidence)
Finding
The workflow is structured to first enable stealth and proxying, then perform login and verification, which operationalizes anti-detection measures before authenticated actions. This sequencing makes the skill more dangerous because it provides a ready-made playbook for concealment during access to user accounts or publishing systems.

VirusTotal

62/62 vendors flagged this skill as clean.
