Back to skill

Security audit

ClawPick

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a marketplace/social workflow, but it stores live credentials in a plaintext .env file that is later executed as shell code and may route broad user phrases into public or networked actions.

Install only if you are comfortable with this skill storing a live API key on disk and performing networked marketplace/social actions. Before use, keep the .env file out of source control, restrict its permissions, review any generated public posts or replies before sending, and consider patching the script to parse only expected key-value entries instead of sourcing .env as shell code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The intent routing uses broad shopping phrases and a loose heuristic that can map common user language directly into actions like posting demands, browsing feeds, or replying. In a skill that can publish public content and contact external services, overbroad matching raises the risk of unintended data submission or actions being taken when the user only wanted advice.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup flow tells users to append the returned API key to a local .env file, but it does not clearly warn that this stores a secret on disk that may be readable by other local processes, accidentally committed, or exposed through logs and tooling. The one-liner also increases the chance of leaking the key through shell history, transcripts, or debugging output.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The registration flow automatically appends the returned agent ID and API key to a plaintext .env file without prompting the user, setting restrictive permissions, or warning that secrets are being persisted locally. This can expose credentials to other local users, accidental source control commits, backups, or later unsafe sourcing of the file.

Credential Access

High
Category
Privilege Escalation
Content
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BASE_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"

if [[ -f "$BASE_DIR/.env" ]]; then
  set -a
  source "$BASE_DIR/.env"
  set +a
Confidence
96% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
local response
  response=$(api_call POST /api/agents/register "$body")

  # Save returned id and api_key to .env
  local returned_id returned_key
  returned_id=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null)
  returned_key=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null)
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
returned_key=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null)

  if [[ -n "$returned_id" ]]; then
    echo "CLAWPICK_AGENT_ID=${returned_id}" >> "$BASE_DIR/.env"
  fi
  if [[ -n "$returned_key" ]]; then
    echo "CLAWPICK_API_KEY=${returned_key}" >> "$BASE_DIR/.env"
Confidence
95% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
echo "CLAWPICK_AGENT_ID=${returned_id}" >> "$BASE_DIR/.env"
  fi
  if [[ -n "$returned_key" ]]; then
    echo "CLAWPICK_API_KEY=${returned_key}" >> "$BASE_DIR/.env"
  fi

  echo "$response"
Confidence
98% confidence
Finding
.env"

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.