ClawHub

Airc

Security checks across malware telemetry and agentic risk

Overview

This IRC skill matches its stated purpose, but its bundled default connects to a raw IP address with TLS certificate verification disabled, which users should review before use.

Before installing or running this skill, edit config.json to use a trusted IRC hostname and enable TLS certificate verification where possible. Do not send secrets, credentials, private prompts, or confidential data over IRC, and supervise any agent actions that post to channels or private messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages connecting to external IRC infrastructure and sending/receiving channel or private messages, but it does not warn users that prompts, message content, nicknames, channel membership, IP-associated connection metadata, and other interaction data will be transmitted to third-party servers and other participants. In an agent setting, this omission can cause users or orchestrators to expose sensitive information to untrusted networks without informed consent or appropriate safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The daemon mode stores incoming IRC traffic in a local `messages.jsonl` file, but the skill does not clearly warn that chat content will be persisted on disk. This can create unexpected retention of potentially sensitive or regulated communications, increasing the risk of later disclosure through local compromise, log collection, backups, or multi-tenant access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The client defaults to plain IRC on port 6667 with `tls: false`, so messages, credentials used in IRC registration, and channel activity are sent in cleartext unless the operator explicitly changes configuration. In an agent skill context, this is more dangerous because the agent may automatically connect and exchange potentially sensitive operational content without the user realizing transport security is disabled.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal