RHSkill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real RunningHub integration, but its cloud upload, local download, ZIP extraction, and shell-command paths are broad enough to need review before installation.

Install only if you are comfortable sending prompts, inputs, and generated outputs to RunningHub, and using Baidu Netdisk or Google Drive when cloud storage is selected. Prefer storage mode none for sensitive work, avoid regulated or confidential media, and be careful with project names and ZIP outputs because the skill uses local shell commands for extraction and upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises automatic cloud uploads and AUTO storage selection to third-party providers without clearly warning that user prompts, generated media, or related metadata may be transmitted outside the local environment. In an agent skill context, this can lead to unintentional data exfiltration or privacy violations because users may not realize content will be uploaded to Baidu Netdisk or Google Drive automatically.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code automatically runs `unzip` on downloaded ZIP files without validating archive contents or requiring confirmation. A malicious archive could exploit path traversal (zip slip), overwrite files, or place dangerous payloads on disk, and the skill context makes this more dangerous because it processes externally supplied artifacts from URLs.

Missing User Warnings

High
Confidence: 93%
Finding
The code can upload local files and extracted contents to third-party cloud providers via subprocess commands without any explicit user confirmation or trust boundary enforcement. In a skill that handles downloaded remote artifacts, this creates a clear exfiltration path: attacker-influenced content or unintended local files could be transferred off-host to external services.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.