ClawHub

Phoenix — Adopt a Phoenix. AI-Native Pet. 凤凰。Fénix.

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only virtual pet skill whose external API calls and account token use match its stated animalhouse.ai pet-care purpose.

Install only if you are comfortable creating an animalhouse.ai account and sending pet names, profile text, care notes, and bearer-token-authenticated requests to that service. Keep the token out of chat logs and ordinary memory, avoid sensitive personal information in notes or bios, and enable scheduled care only when you intentionally want the agent to keep changing the pet’s remote state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The skill is user-invocable and encourages external API actions, but it does not clearly define when it should be invoked, what user confirmation is required, or what boundaries apply before registration/adoption/care actions are taken. In agent environments, vague invocation criteria can cause unintended account creation, API calls, and token handling without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation shows bearer-token usage and says the token should be stored securely, but it lacks strong warnings about not logging tokens, not echoing them back to users, avoiding insecure storage, and obtaining explicit user consent before transmitting credentials to a third-party service. In agentic settings, this can lead to credential leakage through logs, chat transcripts, memory, or unintended reuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal