Voko Subagent

Security checks across malware telemetry and agentic risk

Overview

This skill appears built for VOKO support replies, but it passes visitor conversations into retained subagent runs without enough scoping or privacy guidance.

Review before installing if your VOKO database contains real visitor conversations or personal data. Confirm what tools the spawned subagent can use, where retained runs are stored, how to delete them, and whether logs capture Base64 prompts or visitor identifiers. Prefer trusted database paths and reproducible dependency installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The prompt asserts that incoming messages are Base64-encoded and should be treated as inert data, but only the JSON wrapper for currentMessages is Base64-encoded while conversation history and embedded fields remain directly injected into the prompt. This creates a false sense of safety and leaves the model exposed to prompt injection from stored message content, visitor fields, or other untrusted database data that can override instructions or manipulate downstream behavior.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly states that the skill reads a VOKO SQLite database and may accept a preassembled Base64-encoded prompt, but it does not warn operators that these inputs may contain personal or sensitive conversation data. In this context, the skill handles visitor messages and creates sub-agents, so missing privacy guidance increases the risk of accidental exposure, over-collection, or improper transmission of user data.

Unpinned Dependencies

Low
Category: Supply Chain
Content
  "author": "",
  "license": "MIT",
  "dependencies": {
    "sqlite3": "^5.1.6"
  }
}
Confidence: 88%
Finding
"sqlite3": "^5.1.6"

VirusTotal

VirusTotal findings are pending for this skill version.
