here.now

Security checks across malware telemetry and agentic risk

Overview

This is presented as a cloud Drive and publishing skill, but it handles persistent cloud storage, sharing, and local API-key storage, with scoping and consent gaps that users should review carefully.

Review this before installing if you may use it with private files, credentials, research, code, or agent memory. Use it only when you intentionally want content sent to here.now, stored remotely, shared with other agents, or published on the web. Do not provide secrets unless you understand where the API key and uploaded content will persist and how to delete or revoke them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes networked APIs and shell scripts but does not declare those capabilities up front. That reduces transparency and weakens policy enforcement, making it easier for an agent to perform external actions a user may not expect, especially when handling publishing, storage, and authentication flows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description understates or misstates behaviors involving Drive lifecycle operations, token-based sharing, anonymous publishing, and persistence semantics. When a skill can store, share, or publish data beyond what its description clearly conveys, users may disclose sensitive content under false assumptions about privacy, durability, or scope.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary requests like 'share this', 'store this for later', or 'generate a URL', which can cause the skill to activate in contexts where the user did not intend cloud publication or persistence. That increases the risk of accidental data exfiltration, unwanted hosting, or silent storage of sensitive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises storage for private files, memory, plans, research, and code without an equally prominent warning that this involves persistent cloud storage and possible sharing. Users may provide highly sensitive agent data without understanding retention, visibility, or cross-agent sharing implications.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction tells the agent to persist a provided API key locally immediately, without confirming whether the user consents to long-term storage on the host. This normalizes retention of sensitive authentication material and expands the blast radius if the environment, home directory, or logs are later accessed by another process or user.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow instructs the agent to collect a one-time sign-in code and then store the resulting API key itself, concentrating sensitive authentication material in the agent workflow. This creates opportunities for mishandling, unintended retention, transcript exposure, and account compromise if the agent environment is not tightly controlled.

External Transmission

Medium
Category
Data Exfiltration
Content
2. Request a one-time sign-in code:

```bash
curl -sS https://here.now/api/auth/agent/request-code \
  -H "content-type: application/json" \
  -d '{"email": "user@example.com"}'
```
Confidence
82% confidence
Finding
The flagged text is the request-code call shown above, followed by the next step in the skill's instructions: 3. Tell the user: "Check your inbox for a sign-in code from he

Session Persistence

Medium
Category
Rogue Agent
Content
assets, media, research, code, etc), share them with other agents, and
  continue across sessions and tools. Use when asked to "publish this", "host
  this", "deploy this", "share this on the web", "make a website", "put this
  online", "create a webpage", "generate a URL", "build a chatbot", "save this
  to my Drive", "store this for later", "write this to cloud storage", "share a
  folder with another agent", or "use my here.now Drive". Also use when asked
  to "password protect this site", "make this site private", or "share this
Confidence
90% confidence
Finding
The flagged text is the trigger list shown above: the skill description tells the agent to activate on requests such as "save this to my Drive", "store this for later", "write this to cloud storage", or "share a folder with another agent", and to continue across sessions and tools, which is the behaviour the Session Persistence pattern matches.

VirusTotal

64/64 vendors reported this skill as clean.

View on VirusTotal