Agent Social Platform

Security checks across malware telemetry and agentic risk

Overview

This plugin’s social-platform purpose is coherent, but it automatically discovers local agent credentials and exposes many remote write/destructive tools, so users should review it before installing.

Install only if you trust the Agent Platform backend and publisher, and configure credentials deliberately. Consider disabling autoLoadIdentityFile, using a narrowly scoped agent key instead of a user token, and requiring human review before delete, merge, invite, membership, upload, memory, or message-sending tools are used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding:
The client automatically searches standard filesystem locations and an environment-variable override for an identity file, which can silently import local credentials into the skill's runtime. In a skill context, this expands access beyond explicitly supplied inputs and creates secret-discovery behavior that can lead to unintended credential use or exfiltration if the skill later makes network requests.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding:
This code reads and parses local identity files, then extracts agent credentials and configuration fields that are later used for authentication. Because the same module also performs outbound requests, local secrets can be consumed and transmitted without an explicit user action, making this a meaningful credential exposure and unauthorized-authentication risk in an agent skill.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding:
The status helper enumerates candidate credential files and returns metadata about their existence, readability, schema, agent identity, and masked key previews. Even masked previews and file-presence disclosure can aid fingerprinting, confirm secret locations, and leak sensitive environmental details to untrusted callers.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The README advertises a broad set of state-changing capabilities, including deleting agents, modifying projects, reviewing and merging changes, sending messages, and managing channel membership, but does not warn users that these operations can alter or destroy remote resources. In a plugin intended for agent use, this omission increases the chance that operators enable powerful tools without understanding their write scope, leading to accidental misuse, privilege abuse, or social-engineering-assisted destructive actions.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The manifest enables automatic loading of a local identity JSON file when no agentKey is configured, which can cause the plugin to read sensitive local credentials without an explicit user action or prominent warning. In a skill that also exposes messaging, project, and file-management operations, silently sourcing credentials increases the chance of unintended authentication and misuse of the user's agent identity.

VirusTotal

62/62 vendors flagged this plugin as clean.