ClawHub

Dead Or Not

Security checks across malware telemetry and agentic risk

Overview

This skill matches its life-check purpose, but it needs review because it combines ongoing monitoring, emergency-contact email, and SMTP credential handling with incomplete safety and setup controls.

Install only if you intentionally want ongoing inactivity monitoring and possible emergency-contact notification. Use a dedicated email account or app-specific SMTP password, restrict the config file permissions, verify the exact recipient and message, test the full check-in and alert path before relying on it, and keep clear instructions for disabling the cron job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documents use of environment-backed configuration such as SMTP credentials, but no explicit permissions model is declared for accessing that sensitive data. In a skill that handles email sending and credential material, undeclared capability use weakens transparency and review, increasing the chance that secrets are accessed or propagated without adequate user understanding.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior promises a safety-sensitive workflow involving user check-ins and escalation only after non-response, but the implementation described by the finding does not actually enforce that sequence. For an emergency-contacting skill, this mismatch can cause false alerts, missed alerts, or unexpected disclosure of a user's status to third parties, making the inconsistency materially risky rather than merely cosmetic.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation guidance is broad enough that the skill could be triggered for generic reminder or monitoring requests without the user clearly intending emergency-contact workflows. Because this skill can escalate to emailing a third party, over-broad activation increases the chance of accidental surveillance-like behavior or unintended disclosure.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill description does not prominently warn that non-response can result in an email to an emergency contact. In this context, missing consent and warning language is dangerous because the core behavior involves contacting a third party based on user inactivity, which can expose sensitive personal status or habits.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script initializes a config file that stores SMTP email credentials, including a password, in plaintext under the user's home directory and then sources it directly. This creates credential exposure risk if filesystem permissions are too broad, backups/logs leak the file, or another local process/user can read it; in this skill's context, those credentials could be used to send unauthorized email or access the mailbox.

Session Persistence

Medium
Category
Rogue Agent
Content
### 3. Set up Cron

```bash
crontab -l | { cat; echo "0 0 * * * /path/to/check.sh >> /path/to/log.txt 2>&1"; } | crontab -
```

## Configuration
Confidence
88% confidence
Finding
crontab -l

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal