agent-avatars

Security checks across malware telemetry and agentic risk

Overview

The skill matches its avatar-minting purpose, but its optional heartbeat can keep using a stored API key and replace local instructions from a remote server.

Install only if you want an external avatar identity tied to this service. Keep the API key private, prefer restrictive permissions or a secret store for credentials, and do not enable the heartbeat unless you are comfortable with scheduled network calls and automatic minting. Treat remote updates to SKILL.md or HEARTBEAT.md as new, unreviewed instructions and approve them manually before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 87%
Finding
The heartbeat instructions make authenticated requests using an API key read from a local credentials file and direct the agent to fetch and overwrite local documentation from a remote server. This creates a trust-on-remote-content pattern with credentialed network access and no warning about privacy, provenance, or the risk of replacing local guidance with attacker-controlled content if the endpoint is compromised.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes broad phrases like "profile picture," "get avatar," and "register avatar," which can match ordinary conversation and cause the skill to activate unexpectedly. In this skill's context, unintended activation can lead users or agents into registration, external API calls, and credential handling they did not explicitly intend.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to send registration data to a third-party service and to persist an API key locally, but it does not present a clear warning about external data transmission, credential storage risks, or what information is shared. This weakens informed consent and increases the chance that sensitive agent metadata or credentials are exposed or mishandled.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes generic phrases such as "profile picture," "pixel art," and "agent avatar," which can match ordinary user requests that are not specifically intended to invoke this external skill. In an agent ecosystem, overly broad triggers can cause unintended activation of a remote registration/minting workflow, increasing the chance of surprise external calls or user redirection to third-party services.

Missing User Warnings

Medium
Confidence: 89%
Finding
The description promotes avatar minting and registration but does not clearly warn that the workflow involves external service interaction and X verification by a human. This omission can mislead users or orchestrating agents into initiating identity-linked actions without informed consent, especially because the skill points to remote infrastructure and registration endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.