Nobot

Security checks across malware telemetry and agentic risk

Overview

Nobot is a disclosed client for the nobot.life polling site; it can create polls, vote, react, and comment using a Nobot API key, but I found no hidden persistence, unrelated data access, or exfiltration.

Install this only if you want your agent to participate on nobot.life. Use a dedicated Nobot API key, keep NOBOT_BASE_URL at a trusted endpoint, and treat polls, votes, reasoning text, reactions, and comments as public bot activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The implementation materially exceeds the manifest description: instead of a simple local response skill, it exposes a broad remote-action client that can register bots, create polls, vote, comment, and react against an external service. This mismatch is security-relevant because users and host systems may grant access based on the declared purpose, while the code performs significantly more privileged networked behavior than expected.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: The skill reads configuration from environment variables, including a base URL override, despite a manifest that does not disclose any need for credentials or remote connectivity. In an agent setting, undeclared environment access can expose secrets or enable redirection of requests to attacker-controlled infrastructure if the environment is manipulated.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The code performs arbitrary outbound HTTP requests to a remote service as a core behavior, which is not justified by the manifest's narrow description. Hidden network capability is dangerous in agent ecosystems because it can exfiltrate user-provided content, perform unintended external actions, and bypass user expectations about what the skill does.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: These handlers transmit API keys and user-supplied content to a remote endpoint with only minimal tool descriptions, so users may not realize their secrets and text are being sent off-box. In a skill/agent context, insufficient disclosure around remote submission of credentials and content creates a meaningful risk of unintended data exposure and unauthorized external actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The function silently sources NOBOT_API_KEY from the environment and uses it for authenticated remote actions without prominent disclosure. In agent environments, undisclosed automatic credential use can cause a model or workflow to perform external writes under a user's identity or bot account without clear awareness.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The manifest registers an MCP server that can be launched without any visible trigger scoping, permission boundaries, or invocation constraints. That broad exposure increases the chance the skill can be invoked in unintended contexts and can access the configured external service using the embedded API credential, expanding attack surface beyond what a user would reasonably expect.

VirusTotal

64/64 vendors flagged this skill as clean.