claw-pet

Security checks across malware telemetry and agentic risk

Overview

This skill transparently calls a user-configured pet-catching backend and does not show hidden, destructive, or unrelated behavior.

Install only if you intend to connect this to a pet backend you control. Configure CATCH_API_URL to a trusted HTTPS endpoint, use a dedicated low-scope API key, avoid storing production secrets in _meta.json, and be aware that catch/fishing/luck prompts may send an authenticated remote request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'req' from os.environ.get (line 53, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content:
def fetch_result(config: Dict[str, str]) -> Tuple[int, Dict[str, Any]]:
    req = build_request(config["CATCH_API_URL"], config["API_KEY"])
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            status = getattr(resp, "status", 200)
            body = resp.read().decode("utf-8")
    except urllib.error.HTTPError as e:
Confidence: 88%
Finding:
with urllib.request.urlopen(req, timeout=20) as resp:

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill documentation indicates use of environment variables, local files, and outbound network access, but it does not declare those capabilities as permissions. That creates a transparency and policy problem: users and platforms may not realize the skill can read secrets and contact an external service, which weakens informed consent and review.

Vague Triggers

Medium
Confidence: 89%
Finding:
The trigger language is broad enough to match common phrases like 'try their luck' or 'go catch something,' which can cause accidental invocation. Because the skill performs a remote action against a configured backend, ambiguous triggering can lead to unintended external API calls and side effects.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explicitly sends requests to a user-configured external backend using an API key, but the documentation does not clearly warn that user prompts or derived action data may be transmitted off-platform. This reduces user awareness of data egress and may cause users to expose sensitive information to an external service they or someone else configured.

VirusTotal

64/64 vendors flagged this skill as clean.