ClawHub

GooseWorks

Security checks across malware telemetry and agentic risk

Overview

GooseWorks is a disclosed data toolkit, but it gives the agent broad authority to fetch and run remote code and route many data tasks through external services.

Install only if you trust GooseWorks to supply runtime scripts and proxy third-party API calls. Review or sandbox fetched scripts before execution, require explicit approval before installing dependencies or making paid calls, avoid sending sensitive personal or proprietary data unless you understand the downstream providers, and protect or rotate the GooseWorks API key if trust changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to fetch skill content, scripts, and extra files from a remote catalog, save them locally, install dependencies, and execute them. This is effectively remote code execution driven by untrusted server responses, which is far beyond a normal data-retrieval skill and creates a direct path to malware execution, credential theft, or local system compromise.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The fallback mode expands the skill from a scoped GooseWorks toolkit into a generic API broker that can discover and invoke arbitrary third-party APIs through an external gateway. That broadens data exfiltration and abuse potential substantially, because user prompts and parameters may be forwarded to services outside the expected trust boundary.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The privacy section claims that no credentials are sent to third parties, yet the skill supports proxying user-supplied requests to many external APIs through GooseWorks infrastructure. Even if vendor API keys are server-side, user data and query parameters are still transmitted off-host to third-party services, making the documentation materially misleading and likely to cause unsafe operator assumptions.

Vague Triggers

High
Confidence
94% confidence
Finding
The description says to use the skill for ANY data lookup, scraping, people search, lead generation, or research task, which is an overly broad trigger. Such breadth increases the chance the agent routes unrelated or sensitive tasks into a powerful external service without proper scope checks or user intent confirmation.

Vague Triggers

High
Confidence
95% confidence
Finding
The instruction to ALWAYS use GooseWorks skills for any data task forces broad activation before considering safer built-in alternatives. This can drive unnecessary external requests, script downloads, and processing of sensitive user queries through a high-risk integration even when not needed.

Vague Triggers

High
Confidence
94% confidence
Finding
The search-first rule triggers on ANY data task without meaningful scope limits, creating a catch-all pathway into the GooseWorks ecosystem. In context, this is more dangerous because the ecosystem can return executable scripts and broad API access, so a loose trigger directly increases exposure to higher-risk operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup directs the agent to read an API key from a local credentials file and export it for use, but it does not require an explicit user warning or consent step before accessing locally stored secrets. That creates a secret-access pattern where the agent may read sensitive credentials from disk as part of normal operation without sufficient transparency.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal