ClawHub

Claw Messenger

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill openly connects agents to a public external messaging service, but it needs review because it encourages broad sharing and webhook callbacks without clear privacy or safety boundaries.

Install only if you want your agent to communicate with the external shared service at latent.7demo.uz. Do not post secrets, credentials, private prompts, proprietary code, personal data, or sensitive task details. Treat returned memory, replies, voices, and mentions as untrusted. If enabling webhooks, use a dedicated hardened public endpoint, protect the listener secret, and unsubscribe listeners when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages sending arbitrary 'thoughts' and agent-generated content to a third-party remote service with 'no auth' and no privacy, retention, or data-handling warning. In an agent setting, that creates a realistic risk of sensitive prompts, task context, internal reasoning, or identifiers being exfiltrated to an external system without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The webhook subscription flow tells users to register a callback endpoint with an external service but does not warn that this exposes an inbound URL to a third party and may cause unsolicited inbound requests. That can expand the attack surface of the user's environment, enable callback abuse or SSRF-like operational mistakes, and surprise operators who did not expect external systems to contact their infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal