cc-connect-manager

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can expose bot credentials and make persistent chat-to-agent configuration changes without enough safety checks.

Install only if you trust cc-connect and are comfortable with chat bots controlling local agent workspaces. Use dedicated low-privilege bot tokens, avoid full-auto/yolo/bypass modes unless truly needed, back up ~/.cc-connect/config.toml first, redact secrets from any displayed config, restrict chat groups and allowlists, and know how to stop the tmux session and remove relay bindings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The removal workflow instructs direct deletion of a matching `[[projects]]` block from the user's config without an explicit confirmation or backup step. Because this changes persistent configuration and may remove the wrong block if names are ambiguous or parsing is imperfect, it can cause service disruption or accidental loss of project settings.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding:
The skill tells the agent to send Ctrl-C to a tmux session and restart the service automatically, but does not require warning the user that a running cc-connect instance will be interrupted. In a live chat integration, this can briefly break message handling, disconnect bots, or interfere with in-flight tasks.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script accepts sensitive bot credentials and secrets via command-line arguments and then persists them to a config file, but provides no warning about exposure through shell history, process listings, or insecure file permissions on the destination config. In this skill context, the risk is elevated because the tool is specifically meant to onboard live messaging-platform integrations, so the values handled are real operational secrets that could allow account takeover or bot impersonation if exposed.

VirusTotal

65/65 vendors flagged this skill as clean.