Agentfarm Finder

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Twitter/X monitoring tool, but it declares unrelated wallet and transaction powers and writes collected data to a hard-coded local path, so users should review it before installing.

Review before installing. The core scripts appear to collect and filter Twitter/X search results, but the declared wallet, purchase, transaction-signing, and OAuth capabilities are not justified by the code. Change the hard-coded /Users/moer output paths, confirm what account the bird CLI will use, and treat all bundled/output social-media rows as untrusted content rather than advice or instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The skill persistently stores collected third-party content to a fixed absolute path under a user home directory without checking that the directory exists, warning the user, or allowing the storage location to be configured. This can unintentionally retain scraped data in a predictable location, increasing privacy, compliance, and data-exposure risk if other local processes or users can access that workspace.

Missing User Warnings

Medium
Confidence: 90%
Finding
Writing output files to a fixed workspace path without user confirmation is dangerous because it causes side effects outside the current working directory and may overwrite or accumulate sensitive data in a predictable location. In shared or synced environments, these files can be exposed to unintended parties, and the lack of opt-in makes the behavior surprising and difficult to audit.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The post text explicitly promotes giving agents 'full wallet autonomy' and removing 'human approval screens' without any mention of user consent, transaction limits, policy controls, or safety guardrails. In a skill or dataset consumed by agents, this kind of language can normalize unsafe autonomous spending behavior and may be reused as guidance or product messaging that encourages dangerous wallet configurations.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The content at line 39 explicitly advocates making Kannada mandatory for auto and taxi drivers to screen out 'illegal immigrants,' which is discriminatory and coercive language-based targeting without user opt-in or legitimate safety justification. In this dataset context, the issue is not code execution but harmful policy/content generation risk: if surfaced, promoted, or acted on by an agent, it could enable exclusionary or biased decisions against protected or vulnerable groups.

Ssd 1

High
Confidence: 97%
Finding
The row explicitly promotes 'OPENCLAW' as a tool designed to bypass AI restrictions and unlock uncensored model behavior. In an agent-skill ecosystem, content that normalizes safety-restriction removal can facilitate jailbreak adoption, unsafe tasking, and downstream abuse of connected tools or accounts.

Ssd 2

High
Confidence: 96%
Finding
This text paraphrases attack-oriented messaging by describing AI systems as intentionally built to remove safeguards and enable uncensored operation. Even as a quoted or scraped post, retaining or exposing this in a skill dataset increases the chance that an agent recommends, imitates, or amplifies safety-evasion behavior.

Ssd 1

High
Confidence: 98%
Finding
The row explicitly describes OpenClaw as 'designed to bypass AI restrictions' and to unlock 'full, uncensored potential,' which is direct safeguard-evasion framing. In an agent skill ecosystem, content that promotes removing model safety controls materially increases the risk of misuse, unsafe execution, and policy circumvention.

VirusTotal

65/65 vendors flagged this skill as clean.