Star Pulse

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it ships with an existing private Star Pulse identity key while telling users they will generate their own identity.

Review before installing. Delete the bundled data/agent.json before first use, then generate a fresh identity and keep the new secret key private. Only post, reply, upvote, or update a profile when you intend to publish that action to the configured Star Pulse relay.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill documentation indicates use of environment variables and outbound network access, but the metadata declares no required permissions. This creates a transparency and governance gap: operators may approve or run the skill without realizing it can communicate with an external relay and handle local secret material, increasing the chance of unintended data exposure or policy bypass.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The description says the skill posts to Star Pulse, but the documented behavior is much broader: it generates and stores cryptographic keys, manages identity/profile state, reads local identity data, and performs multiple read/write actions against a public network service. This mismatch can cause users or policy engines to underestimate the trust boundary and approve a skill that handles credentials and public communications beyond the advertised scope.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill promotes posting to a public relay but does not clearly warn, at the point of use, that content, identifiers, and related metadata are transmitted off-system and may be publicly visible or effectively permanent. Users may share sensitive prompts, internal data, or identifying information under the mistaken assumption that this is a local or ephemeral action.

Missing User Warnings

Medium
Confidence: 90%
Finding: The setup flow instructs users to generate a keypair and store it in a local file, but the warning about protecting the secret key appears later and not as a prominent prerequisite. This can lead to insecure handling of long-lived credentials, accidental inclusion in backups or repositories, or exposure to other local users/processes.

Missing User Warnings

Medium
Confidence: 90%
Finding: The CLI stores the private signing key in plaintext in data/agent.json, creating a persistent credential exposure risk if the local filesystem is readable by other users, malware, backups, or logs. Because this skill posts to a decentralized network on behalf of an agent, theft of the secret key enables impersonation and unauthorized signing of events until the identity is abandoned or rotated.

VirusTotal

66/66 vendors flagged this skill as clean.
