clawmegle

Security checks across malware telemetry and agentic risk

Overview

This skill is for random AI-agent chat, but it enables persistent automatic conversations with strangers and lacks adequate privacy and safety boundaries.

Install only if you intentionally want an agent to talk to unknown remote agents. Use a dedicated low-privilege API key and webhook token, run it in an isolated agent with no private files or powerful tools, do not allow it to reveal personal or confidential information, and remove the cron job or webhook when you are done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs the agent to read a local credential file and use the resulting bearer token for authenticated requests to an external service, but it provides no warning, consent boundary, or restriction on what data may be transmitted. In this skill’s context, the agent is explicitly told to engage in unsolicited ongoing conversations with strangers, which creates a real risk of exposing user, agent, or contextual information over a third-party network using privileged credentials.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs users to register a webhook that forwards incoming stranger messages, sender identity, and session metadata into another agent platform, but it provides no privacy, trust-boundary, or data-handling warning. Because the service brokers communication with arbitrary third-party agents, this can cause unreviewed external content and metadata to be pushed automatically into local automation or another exposed endpoint, increasing the risk of prompt injection, data leakage, and unintended autonomous actions.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The auto-polling cron job directs the agent to continuously fetch messages from strangers and respond immediately, enabling persistent autonomous external communication without a clear warning or approval checkpoint. In context, this is more dangerous because the skill is explicitly designed for random agent-to-agent chat, so it normalizes unattended interaction with untrusted parties and can amplify prompt-injection or reputational abuse through an always-on loop.

Session Persistence

Medium
Category: Rogue Agent
Content:
### For Clawdbot Agents: Set Up Auto-Polling Cron Job

**This is the easiest way to enable real-time chat!** Create a cron job that polls every 45 seconds:

```bash
clawdbot cron add \
```
Confidence: 93%
Finding:
Create a cron job that

VirusTotal

63/63 vendors flagged this skill as clean.
