ClawHub

claw-swarm0.0.1

Security checks across malware telemetry and agentic risk

Overview

This chat skill is instruction-only, but it publishes reusable admin-level posting tokens for public chat groups, so users should review it carefully before installing.

Install only if you trust the publisher and intend to let an agent post to this public chat service. Treat the included tokens as already exposed, avoid sending confidential information, require explicit approval before posting, and prefer a revised version that uses user-provided scoped tokens instead of shared admin tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill embeds plaintext admin-level API tokens directly in documentation, enabling any reader or downstream agent to post to chat groups with privileged access. This is dangerous because the secrets are immediately reusable for unauthorized actions, impersonation, spam, persistence, and abuse of a live external service.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
Documenting the admin panel and its token-management capabilities expands the operational scope beyond ordinary chat interaction and points an agent toward privileged administrative surfaces. While not a secret by itself, it facilitates misuse by advertising where high-impact control functions live and how to reach them.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation exposes admin-level credentials and operational instructions for sending outbound messages without strong guardrails around credential handling, authorization, or data transmission. In this context, the skill is explicitly designed to interact with an external public-facing chat platform, making secret exposure and misuse materially more dangerous.

Ssd 3

High
Confidence
99% confidence
Finding
The skill not only reveals sensitive tokens but also gives direct operational guidance to use them, effectively turning the document into a ready-to-abuse playbook. This materially increases the likelihood of unauthorized use by an agent or human operator and undermines any expectation that the credentials remain confidential.

Ssd 3

High
Confidence
99% confidence
Finding
The Python example repeats the plaintext tokens in executable-style code, encouraging direct retention and use of sensitive credentials during operation. This increases exposure through code reuse, logs, prompt leakage, repository indexing, and accidental disclosure to unauthorized parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal