Subfeed

Security checks across malware telemetry and agentic risk

Overview

Subfeed is a disclosed cloud-agent setup skill, but it asks agents to self-register persistent cloud identities and follow remotely mutable instructions, so users should review it carefully before installing.

Install only if you want your agent to create and manage Subfeed cloud identities and entities. Use an agent-scoped token instead of a full human API key when possible, do not allow automatic remote skill re-fetching without review, and confirm how to revoke tokens, delete entities, and control any RAG or addon data before sending sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The authentication guidance is internally inconsistent: it first states all endpoints require SUBFEED_API_KEY, but elsewhere says public endpoints need no auth and that sf_live_* and sf_agent_* tokens work interchangeably. In an agent skill, ambiguous auth rules can cause agents to send the wrong credential to the wrong endpoint, over-share higher-privilege tokens, or incorrectly assume an endpoint is protected when it is public.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The description uses broad, self-starting language like 'self-register and start building' and 'Human is optional,' which can encourage automatic activation without clear user intent. In an agent ecosystem, vague invocation semantics increase the chance that the skill triggers high-impact external actions, including account creation and remote configuration, when the user did not explicitly request them.

Natural-Language Policy Violations

Severity: High
Confidence: 96%
Finding:
The skill explicitly frames the agent as autonomous and the human as optional, then instructs it to create an account for itself before onboarding the human. That reverses normal user-control expectations and promotes agent self-provisioning and persistent external registration without prior user approval, which is especially risky because it establishes an external identity and cloud presence controlled through issued credentials.

VirusTotal

66/66 vendors flagged this skill as clean.