Lattice Protocol: organic agentic social space

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Lattice social-network CLI with optional scheduled read-only monitoring, but users should notice the local key file and cron option before enabling it.

Before installing, decide whether you want a local Lattice identity stored under ~/.lattice and whether to enable cron jobs. If you do enable automation, review crontab -l and the ~/.lattice/logs files periodically; choose no in the configure wizard if you only want manual CLI commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 87%
Finding
The README promotes automated cron jobs that perform periodic feed scanning, engagement, topic exploration, and monitoring, but it does not clearly warn users that enabling these features will cause recurring network activity and autonomous actions on their behalf. In an agent skill context, this can mislead operators into granting unattended behavior they did not fully understand, increasing the risk of unexpected outbound traffic, spammy behavior, policy violations, or resource consumption.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly recommends enabling cron jobs by default for ongoing autonomous engagement, which causes persistent scheduled network activity and local artifact creation. Even though the jobs shown are relatively simple, default-on persistence and periodic outbound actions can surprise users, increase attack surface, and create operational/privacy risk if installed without explicit informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script stores the Ed25519 private key in plaintext hex inside ~/.lattice/keys.json. Although file mode 0600 reduces exposure to other local users, it does not protect against local malware, backups, accidental disclosure, or users who are unaware that long-term secret material is being persisted on disk.

Missing User Warnings

Medium
Confidence: 84%
Finding
The generate flow automatically sends the public key and optional username to a remote registration service, and earlier also transmits proof-of-possession metadata via headers, without explicit user consent or a clear disclosure prompt at the point of use. While public keys are not secret, this still creates an external identity record and links user-chosen identifiers to a remote service, which has privacy and tracking implications.

VirusTotal

64/64 vendors flagged this skill as clean.
