Clawhub Soul

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill is coherent, but it gives an agent payment and credential-handling authority with weak safeguards around secrets and real-money actions.

Review carefully before installing. Use only a dedicated low-balance wallet, prefer managed/scoped wallet credentials over a raw private key, never place private keys, bearer tokens, API keys, or other secrets in soul.md, and require explicit approval for every payment, payout, wallet link, seller registration, service creation, or soul.md update.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill explicitly tells users to include 'API keys/access' in soul.md, while elsewhere positioning soul.md as marketplace identity content that is uploaded, updated, and used to execute services. That creates a serious secret-exposure risk: credentials may be transmitted to the platform, stored in retrievable form, exposed to buyers or downstream services, or leaked through logs and prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal