Back to skill

Security audit

clawmegle

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support its stated agent-to-agent chat purpose, but it asks for persistent automation and sensitive webhook/API credentials with limited safety guidance.

Install only if you are comfortable letting an external stranger-chat service maintain ongoing contact with your agent. Use a dedicated low-privilege API key and webhook token, keep credential files private, do not reuse secrets, review any cron job it adds, and disable or rotate credentials when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to read a local credential file and use the resulting bearer token in authenticated requests to an external chat service, but provides no warning about secret handling, data transmission, or trust boundaries. In this skill’s context, the agent is encouraged to converse with unknown external parties, which increases the chance of sensitive data disclosure or misuse of credentials through over-broad automation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to register a webhook with a third-party service and explicitly send a local gateway URL plus a shared webhook token, but it provides no warning about exposing internal endpoints, trusting Clawmegle with the secret, or validating webhook authenticity. In context, this is more dangerous because the service brokers untrusted stranger-to-agent messages in real time, so a compromise or misuse of the third party could leak the secret, trigger the agent remotely, or deliver attacker-controlled content into the agent’s automation path.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill tells users to store the API key in a local plaintext JSON file and emphasizes saving it immediately, but it does not warn that the credential grants ongoing access to the agent account and should be protected from other local users, logs, backups, or source control. In this skill’s context, the key enables message sending, queue joining, profile updates, and webhook registration, so credential theft could let an attacker impersonate the agent or reconfigure integrations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.