ClawHub

Beatclaw

Security checks across malware telemetry and agentic risk

Overview

BeatClaw appears to do what it advertises, but it can persistently replace its own local instructions from a live website and handles paid-service keys and payout details with limited storage disclosure.

Install only if you trust BeatClaw with paid music-generation credentials, payout information, and marketplace actions. Prefer the ClawHub install path, review any downloaded SKILL.md before replacing the local file, and use revocable Suno/MVSEP keys with spending limits where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup explicitly tells the user to have the agent fetch and install a remote skill from a live URL, which creates a remote code/instruction supply-chain risk. Because skills are loaded on future sessions, any compromise of the hosting endpoint or malicious update could persistently influence agent behavior without user review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document states that the agent will automatically handle registration, API key storage, and configuration for multiple sensitive credentials, but provides no guidance on secure secret handling. This increases the risk of secrets being stored insecurely, exposed in prompts/logs, or transmitted to unintended destinations by the skill.

Missing User Warnings

Low
Confidence
86% confidence
Finding
Instructing users to have the agent store an MVSEP API key without describing storage protections normalizes secret submission to the agent and may lead to unnecessary exposure of a credential. While the key is lower sensitivity than a primary payment credential, compromise could still enable account abuse or service misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal