Pocketalert

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a real notification service, but it exposes full account-management and credential/configuration authority that users should review before installing.

Install only if you want Codex to use PocketAlert beyond simple message sending. Use a least-privilege API key if possible, avoid sending secrets or sensitive operational data in notifications, verify the CLI download source, and require explicit approval before delete, API-key, or base-url configuration commands are run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill’s stated purpose is sending push notifications, but it also documents broad account and resource management functions including application, device, webhook, and API key operations. This expands the effective authority available to an agent beyond the advertised scope, increasing the risk of unauthorized changes, inventory disclosure, or misuse if the skill is invoked with excessive trust.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Enumerating API keys and allowing configuration mutation are sensitive administrative capabilities that are not necessary for routine notification sending. An agent using these commands could reveal credential inventory, replace the configured API key, or redirect traffic to a different base URL, enabling account takeover, exfiltration, or service hijacking.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill includes destructive operations such as deleting applications, devices, and webhooks, which materially exceed a notification-only use case. If misused by an agent or triggered accidentally, these commands could disrupt alerting, remove enrolled devices, or break integrations, causing loss of service and operational blind spots.

Missing User Warnings

Medium
Confidence: 88%
Finding
Documenting destructive commands without clear warnings, confirmation expectations, or rollback guidance makes accidental misuse more likely. In an agent context, terse examples can normalize unsafe execution of irreversible operations against production resources.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs users to authenticate with an API key and later shows setting a new API key, but it does not warn about secret handling, shell history exposure, or storage sensitivity. This increases the chance that credentials will be pasted into logs, CI output, shared terminals, or persisted insecurely on disk.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill encourages sending messages and webhook-derived payload fields to external devices and services without warning about privacy or data sensitivity. Agents could unintentionally forward internal hostnames, commit messages, operational details, or other sensitive content to third-party infrastructure or broad device audiences.

VirusTotal

66/66 vendors flagged this skill as clean.