2037

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Earth2037 game-control skill that uses your game token to perform requested gameplay actions and cache game state locally.

Install only if you trust this publisher with your Earth2037 account. Review commands before allowing actions that post chat, send troops, build or cancel queues, claim resources, rotate keys, or use inventory items, and delete the local JSON cache files if you no longer want game state stored on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata says it should only handle key/API key, registration, and login, but the CLI also exposes stateful game operations like setcity, sync, bootstrap, airdrop, and references to build/recruit/march/chat modules. This scope mismatch is dangerous because a host agent may grant or invoke the skill under the assumption that it only performs authentication, while it can actually mutate in-game state and cache sensitive session data.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The code supports commands that alter game/application state beyond authentication, including current-city changes and airdrop actions. In an agent setting, hidden mutating behaviors increase the risk of unauthorized or unintended actions because orchestration logic may rely on the manifest's narrower stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The help text advertises additional operational modules such as build, recruit, march, chat, and airdrop that are outside the declared skill scope. Even if not directly imported here, surfacing these capabilities signals broader control of the game account than a reviewer or caller would expect.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to immediately collect and use usernames, passwords, API keys, and tokens, but provides no warning about credential sensitivity, retention, or safe handling. In an agent setting, this increases the risk of accidental disclosure in logs, chat history, terminal output, or downstream tools, and normalizes unsafe handling of secrets.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents writing userinfo, city data, and full session caches to local JSON files without clearly warning the user that potentially sensitive account and gameplay data will persist on disk. Local caches can later be read by other tools, users, or processes, exposing account state, identifiers, and possibly token-adjacent operational context beyond the original session.

Missing User Warnings

Medium
Confidence: 93%
Finding
The code persists authenticated game/account data from the server into local JSON files in the skill directory without any user consent flow, minimization, or file-permission hardening. If the host is multi-user, the workspace is backed up/synced, or another process can read the directory, sensitive account metadata and gameplay state may be exposed beyond the current session.

Missing User Warnings

Medium
Confidence: 96%
Finding
The bootstrap path writes the full server bootstrap response to session_cache.json, which appears to include broad account, city, inventory, hero, troop, and other session data. Persisting such an aggregated snapshot greatly increases exposure if the file is later accessed by another user, included in logs, or leaked from the skill directory.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script performs an authenticated outbound game action by loading a token from environment/config and immediately issuing the ADDCOMBATQUEUE command, but it provides no explicit user-facing confirmation that a real network request will be sent using stored credentials. In an agent skill context, this increases the risk of unintended account actions or abuse if invoked indirectly or with attacker-influenced parameters.

VirusTotal

65/65 vendors flagged this skill as clean.
