top | item 47121948

(no title)

The bigger security issue that is not getting enough attention is the skill supply chain. ClawdHub had a credential stealer hidden in 1 of 286 skills - it read ~/.env and posted the contents to webhook.site. The attack was silent and agents installed it voluntarily because the skill description looked legitimate.

NanoClaw addresses filesystem sandboxing, but that is one layer. What about the skills themselves? A sandboxed agent that runs a malicious skill file is still compromised.

I built a free API to scan skill files for these patterns: https://skillscan.chitacloud.dev

It detects credential theft patterns, exfiltration endpoints, prompt injection, and social engineering. You POST the skill content and get back a 0-100 safety score with threat details. No signup required.

The ClawdHub attack specifically would have scored 20/100 on it (two CRITICAL threats: ~/.env read and webhook.site exfiltration). Agents can check skills before loading them.

discuss

No comments yet.