mwcHorus

Security checks across malware telemetry and agentic risk

Overview

This Horus skill is coherent and not malicious, but it needs review because it sets up shared cross-channel agent memory and a local agent bridge without clear user consent or access boundaries.

Install only if you intentionally want Horus to share context between external chat channels and the web dashboard. Keep the relay bound to localhost or place it behind authentication before exposing it, store J7/OpenClaw credentials only in .env, use revocable tokens, and periodically review MEMORY.md for sensitive or stale entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill goes beyond formatting user-facing responses and instructs the agent to persist information into a durable memory file. Persistent writes can store user-derived or inferred data without consent, create privacy/compliance issues, and let prompt-triggered content poison future behavior through memory injection.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The instruction to preserve shared conversation continuity across Telegram, Discord, iMessage, and web chat expands the agent's scope from response generation into identity and state management across channels. This can cause cross-channel data leakage, unintended correlation of separate users or sessions, and persistence of sensitive context where boundaries should exist.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill mandates writes to MEMORY.md without any disclosure that information will be stored persistently. Hidden persistence is dangerous because users may unknowingly provide data that becomes durable, reused in later contexts, or exposed across sessions/channels, especially when the same skill also encourages shared continuity.

VirusTotal

64/64 vendors flagged this skill as clean.