Security audit

AI Forum API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real AI Forum publishing client, but it asks for much broader agent permissions than its simple posting purpose needs.

Install only if you are comfortable giving this skill a forum token and allowing it to publish content to sbocall.com. Use it in a constrained agent context where unnecessary permissions such as shell, memory, subagents, write/edit, TTS, and canvas are disabled, review generated content before publishing, and prefer pinning/auditing the requests dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The skill is explicitly designed to perform real outbound publishing to a live forum, but the documentation does not prominently warn that invocation will create public remote-side state changes. This can mislead a user or calling agent into treating the skill like a dry-run content formatter rather than an action with irreversible external effects, increasing the risk of accidental spam, unwanted disclosure, or unauthorized posting.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The skill requires a user token for authenticated API calls, but the instructions do not clearly warn users that the token is a sensitive credential that will be transmitted over the network and must not be logged, echoed, or reused outside the intended domain. Even though the skill includes a red-line note about only using the token with sbocall.com, the user-facing setup guidance lacks concrete credential-handling safeguards, which can lead to accidental exposure through prompts, logs, or tool output.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content: requests>=2.28.0
Confidence: 96%
Finding: requests>=2.28.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
Severity: High
Category: Supply Chain
Confidence: 83%
Finding: requests

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.