Felo SuperAgent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Felo API integration, but it should be reviewed because it can send prior conversation context and persistent workspace identifiers to Felo with broad reuse rules.

Install only if you are comfortable sending your prompts, relevant conversation context, selected resource IDs, style data, thread IDs, and LiveDoc IDs to Felo. Use a dedicated Felo API key, avoid secrets or regulated data, be careful with FELO_API_BASE overrides, and start a new LiveDoc for separate or sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README clearly describes sending prompts, conversation state, LiveDoc identifiers, and resource-related context to an external Felo API, but it does not prominently warn users about that data transfer. In an agent-skill context, users may unknowingly send sensitive prompts, conversation history, or linked resource metadata to a third-party service, creating a privacy and data-governance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
Verbose mode writes raw SSE event payloads directly to stderr, which can include full conversation text, tool parameters, and tool results. In shared terminals, CI logs, shell history capture, or centralized logging systems, this can expose sensitive prompts, generated content, and linked resource data to unintended parties.

Ssd 3

Medium
Confidence: 96%
Finding
The skill instructs the agent to emit upstream `data.answer` verbatim with no filtering or review. If the external service returns secrets, internal identifiers, prompt-injection content, unsafe links, or other sensitive material from prior context or tools, the agent will disclose it directly to the user.

Ssd 3

Medium
Confidence: 98%
Finding
Reusing `live_doc_id` from any source, including user input or other skills, weakens context isolation and can bind the current request to the wrong workspace. This can expose or modify another conversation's data if identifiers are guessed, copied across tasks, or supplied from unrelated contexts.

Ssd 3

Medium
Confidence: 95%
Finding
The skill directs the agent to enrich queries with prior conversational details before sending them to an external API. Without data-minimization rules, this can forward sensitive user information that was not necessary for the current request, causing privacy leakage to the upstream provider.

VirusTotal

61/61 vendors flagged this skill as clean.
