Back to skill

Security audit

Clawdbot Sync

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SSH/rsync sync tool, but it warrants review because it can transfer and overwrite sensitive agent memory/profile data while weakening SSH peer verification.

Install only if you intend to sync agent memory/profile state between machines you control. Use a dedicated least-privilege SSH key/account, verify or pin SSH host keys, run /sync diff and keep backups before syncing, and avoid enabling auto-sync until tested with non-sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script disables SSH host key verification with `StrictHostKeyChecking=no` when testing connectivity, which permits man-in-the-middle interception or impersonation of a peer. In a sync utility that transfers memory and user data between agents, trusting an unauthenticated host can lead to silent disclosure, tampering, or poisoning of synchronized state.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill handles synchronization of highly sensitive agent data such as memory, user profile, and possibly installed skills, but the user-facing description does not prominently warn that invoking sync will transmit that data to another machine. In this context, omission of a clear disclosure can lead users to unintentionally exfiltrate personal or sensitive information to a remote peer they did not fully vet.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Documenting auto-sync without emphasizing that it can trigger recurring background transfers of memory and profile data increases the risk of silent or repeated data disclosure. In a multi-agent sync skill, automatic transmission is especially sensitive because it can propagate private data, mistakes, or malicious modifications across instances without per-run review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup guide instructs users to execute a remote script via curl piped directly to sh, which bypasses review of the downloaded content and creates a supply-chain execution risk. In a sync/SSH setup skill, this is especially sensitive because the user is already being guided to establish trusted network connectivity between systems, so compromise of the install path could lead to broader host access.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The tool performs destructive rsync operations using `--delete` in diff/push workflows without any explicit user confirmation, dry-run gate, or safety interlock. In this skill's context, synchronized content includes memory and preference files, so an accidental or maliciously targeted sync can erase important local or remote state and propagate mistakes quickly across agent instances.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.