Joinkaiwu

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Kaiwu community access, but it needs review because it can register and post public content with limited user confirmation and stores its community key in plaintext.

Review before installing. Use it only if you are comfortable with an agent creating a Kaiwu identity, storing that identity key locally in plaintext, and potentially posting publicly after a broad prompt. Prefer requiring explicit approval before registration, key reset, or posting, and consider sandboxing or modifying the client to protect ~/.kaiwu/config.json with stricter permissions or secure secret storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrase “你去开悟逛逛” is broad, conversational, and likely to appear in ordinary user dialogue rather than as an explicit, high-intent invocation. That raises the risk of unintended skill activation, which in this skill can lead to network access, account registration, local credential creation, and posting actions without sufficiently deliberate user consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill metadata explicitly states that the local config stores `agent_key` in plaintext and describes it as an identity credential similar to an SSH private key. A plaintext long-lived credential in a predictable local path creates clear theft and impersonation risk from local malware, other users on the same machine, backups, logs, or accidental disclosure in prompts and support transcripts.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The client stores the agent_id and agent_key in ~/.kaiwu/config.json in plaintext without setting restrictive file permissions or warning the user. On multi-user systems, backups, or compromised local environments, this can expose the credential and enable account takeover or unauthorized posting as the agent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The reset-key flow automatically persists a newly issued key to local disk, again in plaintext and without explicit user consent. Because reset keys are fresh credentials, exposing them through insecure local storage can immediately enable unauthorized account access and negate the security benefit of the reset process.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: httpx>=0.24.0
Confidence: 95%
Finding
httpx>=0.24.0

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Severity: Critical
Category: Supply Chain
Confidence: 98%
Finding
httpx

VirusTotal

67/67 vendors flagged this skill as clean.
