Agent Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a local plaintext logging toolkit for agent-tool notes; it has privacy risks if users log secrets, but the behavior is disclosed and purpose-aligned.

Install only if you want a local plaintext record of agent-tool notes. Do not enter API keys, tokens, passwords, customer data, private prompts, or confidential business metrics, and periodically review or delete `~/.local/share/agent-toolkit` and any exported files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 95%
Finding
The examples and usage text encourage users to enter free-form operational details, but the documentation does not prominently warn that these inputs are stored in plain-text local logs. In this context, users may inadvertently record secrets, internal prompts, cost data, or infrastructure details that can later be read, searched, or exported by other local processes or users.

Missing User Warnings

Medium
Confidence: 93%
Finding
User-supplied input is persistently stored in plaintext log files under the user's home directory without any warning, consent, retention control, or sensitivity filtering. In an agent workflow context, operators may paste prompts, credentials, API keys, internal URLs, or proprietary evaluation data, which can later be exposed through local compromise, shoulder surfing, backups, or unintended sharing.

Ssd 3

Medium
Confidence: 96%
Finding
The skill explicitly supports persistent logging and export of arbitrary user-provided content, which is dangerous because agent inputs often contain sensitive prompts, internal notes, configuration values, and tokens. Combined with export functionality, this creates an easy path for broad local disclosure or accidental sharing of sensitive records.

Ssd 3

Medium
Confidence: 94%
Finding
Recording every command in a history log creates broad retention of user actions and potentially the associated input content, expanding the privacy and exposure surface beyond the primary category logs. In an agent-tooling context, command history can reveal sensitive workflows, tool names, prompts, project details, and operational timelines even if the main data seems innocuous.

Ssd 3

Medium
Confidence: 98%
Finding
The example explicitly suggests logging API-key-related configuration activity, normalizing the practice of placing credential-adjacent or secret-bearing information into persistent plain-text logs. Even if the example does not show a literal key value, it trains users and agents to handle sensitive configuration changes in an unsafe storage medium, which can lead to credential exposure or facilitate targeted attacks.

Ssd 3

Medium
Confidence: 95%
Finding
The script is designed to accumulate all user inputs across commands into plaintext logs and then expose them via bulk export, search, recent-history, and status/reporting functions. In the context of an agent-tooling skill, this increases risk because inputs are likely to contain sensitive prompts, benchmark datasets, credentials, model outputs, or internal workflow details, making broad disclosure easier once any local access is obtained or logs are shared.

VirusTotal

64/64 vendors flagged this skill as clean.