Perkoon Transfer

Security checks across malware telemetry and agentic risk

Overview

The skill’s file-transfer purpose is coherent, but it includes optional commands that download and immediately run remote browser-automation scripts without pinning or integrity checks.

Review the browser automation commands before installing or using this skill. Prefer the pinned MCP or CLI workflows, confirm every file path before sending, avoid sensitive directories unless explicitly intended, and do not run the downloaded .mjs scripts unless you trust the current contents from perkoon.com or have verified them separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The browser automation section instructs users to download and immediately execute remote JavaScript from perkoon.com via `curl ... && node ...`. That is a classic remote-code-execution pattern: if the host, CDN, TLS termination, or delivery path is compromised, the agent will run attacker-controlled code with local user privileges. In a skill intended for autonomous agents, this is especially dangerous because it normalizes unaudited execution as part of normal operation.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill not only fetches and executes remote scripts, it does so without any warning that this runs untrusted code from the network. Omitting that warning materially increases the chance an agent or operator will treat the command as safe boilerplate, leading to silent execution of arbitrary code if the remote content changes or is compromised.

VirusTotal

64/64 vendors flagged this skill as clean.
