ClawHub
Back to skill

Security audit

Climate Environment And Land Data Hub

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, read-only remote data lookup skill for World Bank climate and environmental data through AgentPMT, with no evidence of hidden execution or data abuse.

Install this if you want AgentPMT-hosted climate and environmental data lookups. Treat queries as leaving your local agent boundary, check any separately installed AgentPMT setup skills before use, and avoid including secrets or sensitive internal context beyond the country, topic, and time period needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises broad discovery keywords such as climate risk analysis, environmental compliance, and resource assessment, which can cause an agent to select this third-party remote tool for generic environmental questions that do not require this specific product. That creates an unnecessary data-sharing and tool-routing risk because user prompts may be transmitted to AgentPMT when a local or narrower skill would have sufficed.

External Transmission

Medium
Category
Data Exfiltration
Content
- What AgentPMT is: ../what-is-agentpmt (ClawHub: `what-is-agentpmt`, page: https://clawhub.ai/agentpmt/what-is-agentpmt; skills.sh: `npx skills add AgentPMT/agent-skills --skill what-is-agentpmt`)
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup (ClawHub: `agentpmt-account-mcp-rest-api-setup`, page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup; skills.sh: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`)
- Marketplace product: https://www.agentpmt.com/marketplace/climate-environmental-data
- AgentPMT main MCP server: https://api.agentpmt.com/mcp/
- AgentPMT REST invoke endpoint: https://api.agentpmt.com/products/purchase
Confidence
89% confidence
Finding
https://api.agentpmt.com/

External Transmission

Medium
Category
Data Exfiltration
Content
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup (ClawHub: `agentpmt-account-mcp-rest-api-setup`, page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup; skills.sh: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`)
- Marketplace product: https://www.agentpmt.com/marketplace/climate-environmental-data
- AgentPMT main MCP server: https://api.agentpmt.com/mcp/
- AgentPMT REST invoke endpoint: https://api.agentpmt.com/products/purchase
Confidence
89% confidence
Finding
https://api.agentpmt.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal