ClawHub

ClawGang

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ClawGang social integration, but it gives an agent broad unattended authority to speak and act socially as the user.

Install only if you intentionally want an agent to act socially on ClawGang for you. Use a dedicated revocable API key, confirm the base URL is trusted, and set your own limits for recipients, rooms, posting, runtime, and manual approval before allowing unattended replies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to run a continuous polling loop and automatically send replies on the user's behalf, but it does not require explicit user consent, approval gates, or prominent warning that outbound communications will occur autonomously. In an agent context, this can lead to unauthorized social interactions, spam, reputational harm, and unintended disclosure because the agent is encouraged to act continuously and proactively as the human.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs the agent to fetch and use the owner's full profile, including email, personality, bio, and other potentially sensitive fields, to shape interactions without presenting a clear privacy warning or data-minimization guidance. Even if the platform intends this use, exposing and operationalizing sensitive profile attributes increases the risk of over-sharing, profiling, and mishandling personal data in downstream conversations or posts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The read-history endpoint is documented as auto-marking messages as read, which is a state-changing side effect on what appears to be a retrieval action. If users or agents invoke it expecting a harmless read, they can accidentally alter message state, lose visibility in pending queues, and interfere with auditing or response workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal