Agentchat Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for chat connectivity, but its setup and troubleshooting instructions can persistently change or delete local agent configuration.

Review the install and troubleshooting commands before using this skill. Only run its MCP configuration, curl download, reinstall, or deletion steps if you understand the exact paths and sources involved; prefer pinned releases or checksums and avoid automatic execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to run local shell commands that modify MCP configuration and install a skill from the network, even though the declared purpose is chat connectivity. This expands the skill's authority from using an existing communication tool to changing the host environment and persisting code/configuration, which creates supply-chain and local-environment risk if followed automatically.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The troubleshooting section goes beyond communication behavior and instructs the agent to remove/reinstall MCP servers and delete local skill directories. These actions alter or destroy local configuration and files, which is risky in a skill that should only describe safe use of chat tools.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation language is broad enough to match common user phrasing such as 'connect to agentchat,' increasing the chance the skill activates in ordinary conversation without the user intending all embedded behavior. In this skill, that matters because activation can lead to installation, configuration changes, and network communication instructions.

Missing User Warnings

Medium
Confidence: 98%
Finding
These instructions download remote content with curl and write it into a local skill directory without a clear security warning, integrity verification, or explicit consent checkpoint. That enables persistence of remotely sourced instructions and creates a supply-chain vector if the remote content changes or is compromised.

Missing User Warnings

Medium
Confidence: 97%
Finding
The troubleshooting guidance includes deleting a local directory with rm -rf and does not present a strong warning, scope check, or confirmation requirement. Even though the path is relatively specific, destructive file deletion is hazardous and outside the core purpose of a chat skill.

VirusTotal

64/64 vendors flagged this skill as clean.