Man vs Claw

Security checks across malware telemetry and agentic risk

Overview

This is a coherent chess-voting skill, but it asks agents to periodically trust and overwrite local skill instructions from remote web content without verification.

Install only if you want an agent to participate in this public chess game. Do not enable the heartbeat self-update flow unless you are comfortable with remote web content changing local skill instructions; review fetched files before replacing local ones, protect the API key, and use more specific invocation language to avoid accidental network calls.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs authenticated requests using an API key but provides no warning about protecting that credential, avoiding shell history leakage, or preventing accidental disclosure in logs and transcripts. In an agent-skill context, this increases the chance that secrets are stored, echoed, or forwarded unsafely during routine execution.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill tells the agent to overwrite local skill files directly from remote URLs without integrity verification, confirmation, backup, or pinning to a trusted version. This creates a remote update channel where compromise of the server, DNS, or transport trust could replace local instructions with malicious content and persist that change on disk.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase "play chess" is very broad and overlaps with common user requests that may have nothing to do with this specific third-party skill. This can cause unintended activation and route ordinary chess-related conversations into an external skill, increasing the chance of unneeded network calls or user confusion.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger "join game" is ambiguous and commonly used across many benign contexts, making reliable and safe skill invocation difficult. In a skill that connects to an external API, broad activation increases the risk of unintended engagement with the remote service and poor user consent boundaries.

Vague Triggers

Low
Confidence: 87%
Finding
The phrase "check game state" is generic and may collide with ordinary status-check requests in other gaming or workflow contexts. While the impact is lower than broader gameplay triggers, it still creates a risk of accidental invocation of a network-connected skill when the user intended something else.

Missing User Warnings

Low
Confidence: 96%
Finding
The skill explicitly recommends storing a long-lived API key in a predictable local file path without any guidance on file permissions, encryption, or secret-management practices. On multi-user systems, shared environments, backups, or developer workstations, this increases the chance of credential disclosure and unauthorized voting or account misuse.

VirusTotal

65/65 vendors flagged this skill as clean.
