Nimrobo

Security checks across malware telemetry and agentic risk

Overview

Nimrobo appears to be a legitimate CLI documentation skill, but it exposes powerful organization, hiring, messaging, and credential-backed actions without enough safety boundaries for agent use.

Install only if you trust the Nimrobo service and npm CLI. Protect the API key file, prefer least-privileged credentials if available, verify saved context before writes, and require explicit user confirmation before deletes, role/member changes, message sends, application accept/reject decisions, transcript/audio exports, onboarding, or any batch operation.
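The confirmation boundary described above can be enforced on the agent side before anything reaches the CLI. The following is an added example written for this page, not code from Nimrobo or SkillSpector. The only command it takes from the report is `nimrobo net posts delete [postId]`; the verb vocabulary it matches on (delete, remove, send, accept, reject, role, onboard, transcript, audio, the `--all` style batch markers and the read-only verbs) is an assumption about how the CLI names its subcommands and must be reconciled with the real command reference before use.

```python
"""Confirmation gate for an agent that shells out to the nimrobo CLI.

Added example; not Nimrobo's or SkillSpector's code. Only
`nimrobo net posts delete [postId]` is confirmed by the report; every other
verb token below is an ASSUMPTION about subcommand naming.
"""
from dataclasses import dataclass, field
from typing import Callable, List

# Assumed vocabulary. Matching is on whole argv tokens, so "delete" matches
# but an identifier such as "undeleted-post" does not.
DESTRUCTIVE = {"delete", "remove", "leave"}
STATE_CHANGING = {"send", "accept", "reject", "approve", "invite",
                  "onboard", "update", "role", "roles", "read", "unread"}
SENSITIVE_EXPORT = {"transcript", "transcripts", "audio", "export"}
BATCH_MARKERS = {"--all", "--batch", "batch"}
READ_ONLY = {"list", "get", "show", "search", "status", "whoami"}
# Targets resolved from saved CLI context instead of an explicit identifier.
CONTEXT_TARGETS = {"current"}


@dataclass
class Decision:
    action: str                                  # "allow", "confirm" or "deny"
    reasons: List[str] = field(default_factory=list)


def classify(argv: List[str]) -> Decision:
    """Map an argv list to allow/confirm/deny. Unknown shapes fail closed to confirm."""
    if not argv or argv[0] != "nimrobo":
        return Decision("deny", ["not a nimrobo invocation"])
    tokens = set(argv[1:])
    reasons: List[str] = []
    if tokens & DESTRUCTIVE:
        reasons.append("destructive operation (delete/remove/leave)")
    if tokens & STATE_CHANGING:
        reasons.append("state-changing operation (send/accept/reject/role/onboarding)")
    if tokens & SENSITIVE_EXPORT:
        reasons.append("export of transcript or audio content")
    if tokens & BATCH_MARKERS:
        reasons.append("batch operation affecting many records")
    if tokens & CONTEXT_TARGETS:
        reasons.append("context-dependent target: verify saved context before acting")
    if reasons:
        return Decision("confirm", reasons)
    if tokens & READ_ONLY:
        return Decision("allow")
    return Decision("confirm", ["unrecognised command shape; confirm by default"])


def gate(argv: List[str],
         ask_user: Callable[[List[str], List[str]], bool]) -> bool:
    """Return True only if the command may be executed now.

    ask_user must reach the human operator; a model-generated "yes" is not consent.
    """
    decision = classify(argv)
    if decision.action == "deny":
        return False
    if decision.action == "confirm":
        return ask_user(argv, decision.reasons)
    return True


if __name__ == "__main__":
    # p_123 is a placeholder postId; the reasons list is what the user should see.
    print(classify(["nimrobo", "net", "posts", "delete", "p_123"]))
    print(classify(["nimrobo", "net", "posts", "list"]))
```

Keep argv as a list and run it with `subprocess.run(argv)` rather than a shell string, so a natural-language request cannot smuggle shell metacharacters past the gate; any command the classifier does not recognise is sent to the user for confirmation instead of being allowed through.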

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The documented capability set materially exceeds the stated skill description. A skill presented as voice screening and matching network operations also exposes broad administrative and account-management actions such as deleting organizations/posts, changing roles, approving requests, and sending messages, which increases the chance an agent or user invokes high-impact operations outside expected scope.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The documented commands expose a much broader capability surface than the declared skill purpose of voice screening and matching. This scope mismatch is dangerous because an agent or user may grant trust based on the narrow manifest while the skill can perform profile access, organization administration, recruiting workflow actions, and messaging operations that materially affect accounts and other users.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
Organization administration commands include sensitive actions such as member removal, role updates, invite management, and join-request approvals, none of which are clearly justified by the stated voice-screening purpose. In this context, the mismatch increases the chance of over-privileged agent behavior and unauthorized administrative changes if the skill is invoked under assumptions of limited scope.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill includes end-to-end messaging capabilities such as listing channels, reading messages, sending messages, and changing read state, which extend beyond the declared voice-screening purpose. This is dangerous because it gives the skill access to private communications and side-effecting messaging actions that users may not expect from the advertised functionality.

Vague Triggers

Medium
Confidence: 92%
Finding
The onboarding instruction adds an action-oriented command at the end of the skill and tells the agent to ask follow-up questions to complete onboarding, which can nudge the agent into initiating account/profile/org setup flows without a tightly scoped confirmation boundary. Because onboarding may create or modify user profile and organization data, ambiguous triggering can lead to unintended state-changing operations and unnecessary collection of sensitive information.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill describes operations involving voice interviews, screening, applications, messaging, and organization/job management, all of which can process personal, employment, and potentially sensitive conversational data, but it provides no privacy notice, consent guidance, or caution about data disclosure. In an agent setting, this omission increases the chance that users or downstream automations will perform privacy-impacting actions without understanding what data is being collected, transmitted, or modified.

Missing User Warnings

Medium
Confidence: 82%
Finding
The command reference lists destructive organization operations such as deletion, leaving, inviting, member removal, and role updates without any cautionary guidance. In an agent setting, the absence of warnings or confirmation semantics makes unintended or socially engineered destructive execution more likely.

Missing User Warnings

Medium
Confidence: 90%
Finding
`nimrobo net posts delete [postId]` is an explicitly destructive action with potential irreversible loss of posting data and downstream workflow disruption. Documenting it without warnings or confirmation expectations increases the risk of accidental deletion by agents operating from natural-language requests.

Missing User Warnings

Medium
Confidence: 78%
Finding
A batch accept/reject action can modify many application records at once, amplifying mistakes and abuse. Without warning text, scope disclosure, or confirmation guidance, a single incorrect invocation could cause broad operational and reputational harm.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation instructs users to store a live API key in a plaintext file under the home directory and does not warn about file permissions, secret handling, or safer alternatives such as environment variables or OS keychains. If the host is multi-user, compromised, backed up insecurely, or the file is accidentally exposed, the API key could be stolen and used to access voice-screening and network data.

Missing User Warnings

Medium
Confidence: 87%
Finding
The organization deletion commands are destructive and are presented without warning, confirmation guidance, or notes about irreversible consequences. In an agentic setting, terse documentation for delete operations raises the risk of accidental or automated data loss, especially when combined with context-based targets like 'current'.

Missing User Warnings

Medium
Confidence: 85%
Finding
Post deletion is documented as a simple command without warning about permanent removal, downstream workflow impact, or confirmation requirements. This can lead users or agents to execute a destructive action without understanding that applications, references, or recruiting workflows may be disrupted.

Missing User Warnings

Low
Confidence: 73%
Finding
The message retrieval command notes that it auto-marks messages as read, but the section does not prominently warn that viewing content changes message state. This side effect is lower severity than deletion, but it can still alter workflows, audit expectations, or unread counts in ways users and agents may not intend.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example encourages piping an API key via shell input without any warning about exposure through shell history, terminal logging, CI logs, or process inspection in some environments. Credentials handled this way are easier to leak and can grant full account access if copied, logged, or observed.
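Both credential findings (the plaintext key file under the home directory and the key piped through the shell) have a concrete check and a safer handoff. The following is an added example written for this page, not Nimrobo's code. The report does not name the key file, so the filename `nimrobo-api-key` and the key value are constructed for the demo, and `cat` stands in for the CLI process so the block runs offline.

```python
"""Check a plaintext API-key file's protection and pass the key to a child
process on stdin instead of on the command line.

Added example; not Nimrobo's code. The key path, filename and value used in
demo() are constructed; the report does not name them.
"""
import os
import stat
import subprocess
import tempfile
from typing import List


def check_key_file(path: str) -> List[str]:
    """Return a list of problems; an empty list means the file is acceptably protected."""
    problems: List[str] = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["key file does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return ["key file is a symlink; refuse to follow it"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("key file is not a regular file")
    if st.st_uid != os.getuid():
        problems.append("key file is not owned by the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"key file mode is {mode:04o}; group/other bits must be clear (0600)")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        problems.append("parent directory is world-writable without the sticky bit")
    return problems


def harden_key_file(path: str) -> None:
    """Owner read/write only; the one-line fix the documentation does not mention."""
    os.chmod(path, 0o600)


def load_api_key(path: str) -> str:
    """Refuse to read a key whose storage fails the checks above."""
    problems = check_key_file(path)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def run_with_key_on_stdin(argv: List[str], key: str) -> str:
    """Hand the key to the child on stdin, not argv, so it does not land in
    shell history, `ps` output or CI command logs. argv is a list: no shell."""
    completed = subprocess.run(argv, input=key + "\n", capture_output=True,
                               text=True, check=True)
    return completed.stdout


def demo():
    """Create a badly-permissioned key file, check it, harden it, re-check,
    then deliver the key over stdin to a stand-in child (`cat`)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "nimrobo-api-key")       # hypothetical filename
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("nmr_example_not_a_real_key\n")      # constructed value
        os.chmod(path, 0o644)                               # the unsafe default many tools leave
        before = check_key_file(path)
        harden_key_file(path)
        after = check_key_file(path)
        key = load_api_key(path)
        echoed = run_with_key_on_stdin(["cat"], key).strip()  # `cat` stands in for the CLI
        return before, after, key, echoed


if __name__ == "__main__":
    before, after, key, echoed = demo()
    print("before hardening:", before)
    print("after hardening:", after)
    print("key delivered intact over stdin:", key == echoed)
```

The stdin handoff only helps if the receiving command actually reads the key from stdin; where the CLI insists on a flag or an interactive prompt, an OS keychain or a short-lived environment variable set for the single child process is the next best option, and the key file should still pass `check_key_file` before anything reads it.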

Missing User Warnings

Medium
Confidence: 90%
Finding
The transcript and audio commands provide direct access to highly sensitive conversation content, yet the documentation includes no warning about privacy, consent, retention, or access control expectations. In a voice-screening context, transcripts and recordings may contain PII, employment data, or other confidential material, making silent retrieval guidance riskier.

Missing User Warnings

Medium
Confidence: 89%
Finding
The workflow includes commands to export interview transcripts and process job applications, both of which involve sensitive personal data, but provides no warning about privacy, consent, retention, or access control. In a skill explicitly designed for voice screening and hiring workflows, normalizing these actions without safeguards can lead users to mishandle PII, candidate communications, and potentially regulated employment data.

VirusTotal

43/43 vendors flagged this skill as clean. A clean antivirus verdict speaks to malicious code in the package; it does not address the scope, confirmation and credential-handling findings above, which concern how the skill's documented commands behave when driven by an agent.
