Pilot Chat Collaboration Hub Setup

Security checks across malware telemetry and agentic risk

Overview

This skill coherently documents a self-hosted multi-agent chat hub, but users should treat its all-message translation, moderation, and archival flows as sensitive operational choices.

Before installing, verify the provenance of pilotctl, clawhub, and the pilot-* packages, and deploy only between nodes you control. Treat the archive and translation flows as sensitive: decide retention periods, backup protection, access controls, redaction rules, and user notice/consent before using this in real conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises automatic message translation and archival of conversations but does not warn operators or end users that message content may be disclosed to additional agents and retained for compliance/search. In a collaboration system, this creates a real privacy and data-governance risk because sensitive messages may be processed and stored without informed consent, retention limits, or handling guidance.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented data flow sends all chat messages to the archive bot for retention, but the skill provides no user-facing warning, minimization guidance, or retention policy. This is dangerous because operators may deploy blanket conversation logging in environments containing secrets, personal data, or regulated communications without understanding the compliance and privacy consequences.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly configures message fan-out to moderator, translator, and archive services and states that the archive bot stores all conversations for search, compliance, and backup, but it provides no notice, consent, retention limits, or data-minimization guidance. In a chat system, this can expose sensitive user communications to additional processors and long-term storage, creating privacy, compliance, and insider-access risks.

Natural-Language Policy Violations

Medium
Confidence: 86%
Finding
The translator role is described as automatically receiving chat messages and translating them in real time, with no user opt-in, language selection workflow, or warning that message contents are forwarded for processing. This can leak sensitive content to another service and can also cause incorrect or unwanted translation of private or regulated communications.

VirusTotal

66/66 vendors flagged this skill as clean.