ClawHub

Synthetic Data Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote synthetic-data tool, with expected paid AgentPMT calls and test-data outputs, but users should invoke it deliberately and keep generated secret-like or injection-like data in test contexts.

Install only if you intend to use AgentPMT's remote paid synthetic-data service. Invoke it explicitly for fake test data, monitor credit use, do not send unnecessary private inputs, and keep generated credit-card-like, token-like, and injection-pattern outputs in isolated development or testing workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises very broad activation keywords such as generic verbs and phrases around generating data, which can cause an agent to select this remote tool in unintended contexts. Because the tool performs paid remote calls and can generate large or specialized datasets, overbroad discovery terms increase the risk of unnecessary external requests, cost, and inadvertent transmission of user-provided parameters to a third-party service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The schema explicitly supports generation of financial records and technical values such as API keys and tokens, but it does not clearly label them as synthetic-only or warn against using them in production-like authentication, payment, or monitoring workflows. That omission can lead downstream agents or users to mishandle realistic-looking secret and payment artifacts, causing accidental security testing against live systems, data contamination, or confusion with real credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The edge-case mode can generate injection-pattern payloads for security testing, but the schema provides no warning that these strings may trigger alerts, break parsers, poison logs, or cause unsafe behavior if routed into live systems. In an agent setting, omission of those warnings increases the chance that generated payloads are automatically forwarded into production applications or shared infrastructure without containment.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal