ClawHub

Audos – Launch a Startup Via OpenClaw in 10 Minutes

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it tells agents to retain long-lived Audos account tokens and reuse them to skip verification, which needs human review before installation.

Review before installing. Use only emails you control, avoid submitting confidential business or customer data unless you trust Audos, require explicit confirmation before creating workspaces or using outreach, ads, payments, or customer data, and do not let the agent store Audos auth tokens except in a secure credential store with clear consent, revocation, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The roadmap explicitly proposes storing authentication tokens indexed by email to bypass OTP for returning users. Persisting bearer-style auth material for convenience expands the skill's data sensitivity beyond its stated purpose and creates account-takeover risk if tokens are leaked, reused improperly, or retained without strong lifecycle controls.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises cold outreach, ad campaign execution, prospect discovery, and analytics capabilities without any visible warning about consent, lawful basis, third-party account authorization, or handling of personal data. In an agent skill context, this omission is risky because it can normalize autonomous marketing actions that touch external users, paid accounts, and regulated personal information without making user approval and compliance boundaries explicit.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to activate on generic entrepreneurial or product-building requests, which can cause the skill to engage in contexts where the user did not explicitly consent to contacting a third-party service. Over-broad activation increases the chance of unnecessary collection of email, business idea details, and account-linked workflow initiation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to collect an email address and business idea, then later persist auth tokens by email, without requiring a clear user-facing warning about storage, third-party transfer, retention, or account linkage. This creates privacy and consent risk because users may not understand that their information is being used to create and access a long-lived external account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example has the agent solicit a user's email address to create an account and send a verification code, but it provides no notice that an account will be created, what data will be stored, or how the email will be used. In a real skill, this can normalize collecting personally identifiable information without informed consent and can lead to privacy, compliance, and user-trust issues.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly instructs persistent storage of non-expiring auth tokens keyed by email. Long-lived credential retention greatly increases the blast radius of memory compromise, logging leakage, insider misuse, or cross-session confusion, because possession of the token appears sufficient to access the user's workspace indefinitely.

Ssd 3

High
Confidence
98% confidence
Finding
The returning-user flow says that if an email is recognized, the response includes an auth token and URLs directly and OTP can be skipped. This weakens assurance that the current requester is the legitimate account holder and enables account access reuse across sessions without fresh proof of possession of the email inbox or another strong authentication factor.

Ssd 3

High
Confidence
99% confidence
Finding
The tips section reinforces the insecure design choice of retaining non-expiring auth tokens by email for future automatic access. Repetition of this instruction makes unsafe credential persistence a core operational pattern rather than an incidental note, increasing the likelihood of broad, long-term unauthorized access if storage is mishandled.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal