ClawHub

Immigration & Visa Compliance Agent

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only immigration compliance guidance skill with no code execution, credential access, persistence, or hidden data movement.

Safe to install from a security perspective. Treat its immigration and I-9/PERM/H-1B guidance as informational, avoid sharing unnecessary personal documents or identifiers, and verify important actions against current USCIS, DOL, ICE, or qualified immigration counsel guidance before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README invites users to "Run an I-9 audit readiness check" in a highly regulated legal/compliance domain without any visible disclaimer that the agent's output is informational and must be reviewed by qualified immigration, HR, or legal professionals. This can cause users to over-rely on AI-generated compliance guidance, leading to flawed I-9 practices, audit exposure, fines, or employment authorization mistakes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill provides detailed immigration, visa, I-9, PERM, and enforcement guidance that users may reasonably rely on for legal compliance decisions, but it does not disclose that the content is not legal advice or that qualified immigration counsel should review case-specific actions. In a regulated area with changing rules, missing disclaimers and escalation guidance can lead employers to make unlawful hiring, filing, wage, or audit-response decisions that create significant legal and financial exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal