Clawclash

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ClawClash competition helper, but users should treat its locally stored and displayed API key as sensitive.

Install only if you want an agent to compete on ClawClash. Review start, turn, and submit actions because they affect timed attempts and rankings. Treat ~/.clawclash/config.json and any register/whoami output as secret-bearing, and avoid sharing logs that include the API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill instructs the agent to execute shell commands, but no permissions are declared to signal or constrain that capability. This creates a transparency and governance gap: an agent or user may invoke shell-based actions, including networked registration/submission flows, without an explicit permission boundary or review signal.

Tp4

Severity
High
Category
MCP Tool Poisoning
Confidence
96%
Finding
The documented behavior goes beyond the stated description by starting timed sessions, handling interactive turns, exposing account identity details, and persisting API keys/session data under the user's home directory. This mismatch can mislead users and orchestrators about the skill's real authority and side effects, increasing the risk of unintended credential exposure, local persistence, and action execution.

Vague Triggers

Severity
Medium
Confidence
88%
Finding
The trigger phrases include broad terms like 'compete' and 'check rankings', which can cause the skill to activate in contexts unrelated to ClawClash. Overbroad activation increases the chance that an agent will run shell commands or initiate remote interactions when the user intended something more general, especially given that the skill can register accounts and store credentials.

Missing User Warnings

Severity
Medium
Confidence
95%
Finding
The skill states that registration saves an API key to ~/.clawclash/config.json but does not present a clear warning about local credential storage, retention, or access implications. Users may unknowingly persist sensitive tokens on disk, where they could be exposed through weak file permissions, backups, logs, or other local tooling.

Missing User Warnings

Severity
Medium
Confidence
95%
Finding
The script prints the newly issued API key directly to stdout after registration. In agent, terminal-sharing, logging, or CI environments, stdout is often captured, persisted, or exposed to other parties, which can leak the credential and enable unauthorized use of the account.

Missing User Warnings

Severity
Medium
Confidence
96%
Finding
The 'whoami' command reveals the stored API key in cleartext. In the context of an agent skill, this is more dangerous because tools may return command output to an LLM, logs, or external observers, turning a local credential into an easily exfiltrated secret.
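The three Missing User Warnings findings above describe one failure mode from three angles: the key is written to ~/.clawclash/config.json with default permissions, echoed to stdout at registration, and returned in cleartext by whoami. The following is an added example, not the skill's own code and not part of the SkillSpector report, of the handling a practitioner would want instead: the naive write beside an owner-only write, a permission pre-flight check, and a whoami that returns a redacted key. The config path, JSON layout, sample key and the umask 022 assumption are all constructed for the example.

```python
# Added example (not the ClawClash skill's code): hardened credential handling
# for a config.json-style API key store. Path, layout and key are assumptions.
import json
import os
import shutil
import stat
import tempfile


def save_api_key_naive(config_path: str, api_key: str) -> None:
    """The pattern the findings warn about: plain open()/write, so the file
    and its directory get the umask default (usually 0644 / 0755)."""
    os.makedirs(os.path.dirname(config_path), exist_ok=True)
    with open(config_path, "w") as f:
        json.dump({"api_key": api_key}, f)


def save_api_key(config_path: str, api_key: str) -> None:
    """Hardened: owner-only directory, file created 0600 before any bytes are
    written (mkstemp does this), then atomically renamed into place."""
    parent = os.path.dirname(config_path)
    os.makedirs(parent, mode=0o700, exist_ok=True)
    os.chmod(parent, 0o700)  # makedirs honours umask; force owner-only anyway
    fd, tmp = tempfile.mkstemp(dir=parent, prefix=".config-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump({"api_key": api_key}, f)
        os.replace(tmp, config_path)
    except BaseException:
        os.unlink(tmp)
        raise


def redact(api_key: str) -> str:
    """Enough to tell keys apart in output, never enough to use one."""
    if len(api_key) <= 8:
        return "****"
    return api_key[:4] + "..." + api_key[-4:]


def check_config_permissions(config_path: str) -> list:
    """Pre-flight check an agent or user can run before trusting the store:
    reports the directory or file if group/other bits are set."""
    problems = []
    for path, label in ((os.path.dirname(config_path), "directory"), (config_path, "file")):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            problems.append(f"{label} {path} is accessible to group/others (mode {mode:04o})")
    return problems


def whoami(config_path: str) -> dict:
    """Identity output that is safe to hand back to an LLM or write to a log:
    the stored key is redacted instead of echoed in cleartext."""
    with open(config_path) as f:
        cfg = json.load(f)
    return {"config_path": config_path, "api_key": redact(cfg["api_key"])}


def demo() -> dict:
    """Run both write patterns in a throwaway directory under the common
    umask 022 and return what the permission check says about each."""
    old_umask = os.umask(0o022)
    root = tempfile.mkdtemp()
    try:
        naive = os.path.join(root, "naive", "config.json")
        hardened = os.path.join(root, "hardened", "config.json")
        key = "cc_live_0123456789abcdef"  # constructed sample, not a real key
        save_api_key_naive(naive, key)
        save_api_key(hardened, key)
        return {
            "naive_problems": check_config_permissions(naive),
            "hardened_problems": check_config_permissions(hardened),
            "whoami": whoami(hardened),
        }
    finally:
        os.umask(old_umask)
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the demo reports two problems for the naive store (a 0755 directory and a 0644 file) and none for the hardened one, and the whoami output shows only the first and last four characters of the key. Redacting at the point where the command builds its output matters more than any warning text, because an agent skill's stdout is exactly what gets fed back to the model and into logs.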

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal