Endpoints

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Endpoints API integration, but it can upload local documents and immediately delete remote account data without built-in confirmation safeguards.

Install only if you trust endpoints.work and the skill publisher. Use it only with files and text you intend to send to the external API, keep the API key private, verify ENDPOINTS_API_URL before use, require explicit confirmation and exact targets before any delete operation, and clean up the results/ directory after processing sensitive documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description includes broad phrases such as 'create or delete endpoints' and related document-management actions without strong activation constraints. Overbroad triggers increase the chance of unintended invocation, especially for destructive operations, which could lead to accidental deletion or modification of endpoint data.

Vague Triggers

Medium
Confidence: 97%
Finding
The example trigger phrase 'Remove that item' is highly ambiguous and can match ordinary conversation without sufficient context. In a skill that exposes deletion capabilities, this ambiguity materially raises the risk of accidental destructive execution against the wrong item.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow states that all results are automatically written to local JSON files and summaries without making this side effect prominent in the skill description or warning users. Because scanned documents and extracted entities may contain sensitive data, silent persistence increases the risk of unintended local data exposure, retention, and compliance issues.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation exposes destructive functions like deleteEndpoint() and deleteItem() without an explicit warning, confirmation requirement, or safety guidance. In context, deleteEndpoint removes an endpoint and all associated files, so accidental or coerced invocation could cause irreversible data loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
scanFile reads an arbitrary local file path and uploads the file contents to the remote Endpoints API. In an agent/tooling context, this creates a real data exfiltration risk because users may not be clearly informed at the moment of transmission that local file contents are leaving the host and being sent to a third-party service.

Missing User Warnings

Medium
Confidence: 89%
Finding
scanText sends free-form text and prompt data directly to a remote API for processing. In an agent setting, prompts and text often contain sensitive business, personal, or credential-like material, so silent transmission to an external service can expose confidential data without adequate user awareness.

Missing User Warnings

Medium
Confidence: 84%
Finding
deleteEndpoint performs a destructive remote delete of an endpoint and associated files with no confirmation, dry-run, or safety interlock. In agent workflows, ambiguous user requests or prompt injection could trigger irreversible deletion of user data.

Missing User Warnings

Medium
Confidence: 82%
Finding
deleteItem issues an immediate delete for an item by ID without any user-facing confirmation or validation. In autonomous or semi-autonomous agent use, this increases the chance of accidental or manipulated data loss from malformed instructions or hostile prompt content.

VirusTotal

65/65 vendors flagged this skill as clean.
