RedLine

Security checks across malware telemetry and agentic risk

Overview

RedLine has a legitimate usage-tracking purpose, but it asks agents to repeatedly use local OAuth credentials through scripts that are not included for review.

Install only if you are comfortable with a skill using Claude/OpenAI OAuth credentials to make provider usage API calls. Do not wire it into heartbeat until the actual scripts are present, reviewed, pinned to the expected path, and confirmed not to print, store, or send tokens anywhere except the intended provider endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill documentation explicitly instructs the agent to read an OAuth token from the macOS Keychain and send authenticated requests to an external Anthropic usage API, but it does not include an explicit user-facing warning or consent step for credential access and outbound transmission. In an agent skill context, normalizing silent credential retrieval and network use increases the risk of unauthorized token use, accidental overreach, and reduced operator awareness.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation directs the skill to read OpenAI OAuth tokens from a local auth-profiles file and call the ChatGPT usage API without prominently warning the user that local credentials will be accessed and used for outbound requests. That omission is risky in an automation setting because agents may execute the workflow without the user realizing credential material is being consumed for remote API access.

Credential Access

Severity: High
Category: Privilege Escalation
Content
**Requirements:**
- macOS with `security` CLI (Keychain access)
- Claude Code OAuth token in Keychain (run `claude login` to set up)
- Token needs `user:profile` scope (standard Claude Code login provides this)

**Token location:** macOS Keychain, service `Claude Code-credentials`, account = your macOS username.
Confidence: 90%
Finding
Keychain

Credential Access

Severity: High
Category: Privilege Escalation
Content
- Claude Code OAuth token in Keychain (run `claude login` to set up)
- Token needs `user:profile` scope (standard Claude Code login provides this)

**Token location:** macOS Keychain, service `Claude Code-credentials`, account = your macOS username.

### `openai-usage`
Confidence: 82%
Finding
Keychain

VirusTotal

66/66 vendors flagged this skill as clean.
