Avbuzz

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed adult-content query skill with an optional separate bot deployment, but the bot setup needs careful token and service handling.

Install the base skill only if you are 18+ and comfortable sending adult-content queries to FANZA/DMM. Treat the Discord/Telegram bot instructions as a separate deployment: keep tokens out of source control, avoid pasting tokens into browsers or logs, restrict config file permissions, rotate exposed tokens, and run any systemd service under a dedicated unprivileged user rather than root.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The manifest presents the skill as an unauthenticated query tool, but the documentation also includes optional deployment as a persistent Discord/Telegram bot with scheduled notifications and tracking. This capability expansion changes the trust and risk profile materially because it introduces long-lived automation, external messaging, and credential handling that are not clearly reflected in the core skill description.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The file explicitly states the skill is on-demand only and cannot autonomously push notifications, but later instructions describe scheduled daily digests and tracking alerts via deployed bots. This contradiction can mislead reviewers or users into underestimating autonomous behavior and data egress, increasing the chance of unsafe deployment without appropriate controls.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The deployment guide instructs users to place Discord and Telegram bot tokens into configuration files and use them in API calls, but it does not warn against committing tokens, exposing them in logs, or storing them insecurely. Mishandled bot credentials can allow takeover of messaging bots, message spoofing, and unauthorized access to configured channels or chats.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
### Telegram Setup (Optional)

1. Message `@BotFather` on Telegram → `/newbot` → copy Token
2. Send a message, then visit `https://api.telegram.org/bot<TOKEN>/getUpdates` → find `chat.id`
3. Leave both fields empty to run Discord-only

### Discord Slash Commands
Confidence: 90%
Finding:
https://api.telegram.org/

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
```bash
systemctl daemon-reload && systemctl enable avbuzz && systemctl start avbuzz
journalctl -u avbuzz -f  # View logs
```
Confidence: 88%
Finding:
systemctl daemon-reload && systemctl enable

VirusTotal

64/64 vendors flagged this skill as clean.
