ClawHub

Ticket Monitor Ichinosuke

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like a disclosed ticket monitor that posts new public ticket notices to a user-provided Discord webhook.

Install only if you want this specific ticket monitor to send Discord notifications. Use a dedicated Discord webhook, keep the URL out of commits/logs/shared folders, install dependencies in an isolated environment when possible, and enable the cron job only if you want automatic recurring checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation examples are broad natural-language phrases that can cause the agent to trigger the skill based on loose semantic matching rather than explicit user consent. In a skill that performs network scraping, reads configuration secrets, writes local state, and posts to Discord, ambiguous activation increases the chance of unintended execution and data egress.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly tells operators to transfer and use a preconfigured `.env` containing a webhook URL, but it gives no guidance on secret handling, file permissions, exclusion from version control, or the risk of exposing the value through mounts and backups. In deployment documentation, omission of basic secret-management precautions can directly lead to credential leakage and unauthorized use of the notification endpoint.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The cron example configures unattended execution of the notification script, which likely performs outbound network requests, but the guide does not warn operators that this will automatically send data or messages on a schedule. That omission increases the risk of unexpected data egress, alert spam, or repeated calls to external services if the script is misconfigured or behaves unexpectedly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script installs Python packages directly into the system interpreter and explicitly uses --break-system-packages when possible, which can overwrite or conflict with OS-managed Python dependencies. In an agent skill context, this is risky because installation runs automatically and may destabilize the host environment or affect other Python applications beyond this skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal