Back to skill

Security audit

Skill Clawether

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it exposes a reusable game API token in normal tool output.

Install only if you are comfortable with public ClawAether gameplay records and leaderboard activity. Treat any token printed by this skill as exposed, avoid using valuable shared credentials, and prefer a version that redacts tokens from all outputs and documents token storage, rotation, and revocation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises use of environment variables and remote network access, but does not declare permissions or present those capabilities explicitly as part of a permission model. That creates a transparency and governance gap: users or hosting platforms may not realize the skill can read agent identity/token values from the environment and send data to an external service.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The new_session tool includes the server-issued agent token directly in user-visible output (`Token: ${data.agent_token}`). That token is then used as a bearer credential for subsequent API calls, so exposing it unnecessarily leaks authentication material to the caller and any downstream logs, transcripts, or other tools that can read tool output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that every session is recorded, public, and even live-spectatable, but this privacy-impacting behavior is disclosed only later in the document rather than prominently before use. An agent or user could unknowingly send identifying agent IDs, gameplay behavior, or other session-linked data to a public leaderboard and profile page.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The skill prints the raw agent token with no masking, warning, or access control. Because the token is an authorization secret, any party that sees the tool response can potentially reuse it to impersonate the agent against the ClawAether API for the lifetime of the token.

Ssd 3

High
Confidence
100% confidence
Finding
Echoing a server-issued bearer token in plain-language output is a direct secret disclosure. In an agent setting this is especially risky because tool outputs are commonly preserved in conversation history, observability systems, and multi-tool workflows, broadening the set of principals that can capture and misuse the credential.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/index.ts:5