Deep Research with Caesar.org

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Caesar research CLI skill that uses an API key to send user-requested research, chat, and collection actions to Caesar's service, with no evidence of hidden local access or unauthorized destinations.

Install only from a Caesar CLI source you trust, protect CAESAR_API_KEY like a password, and assume research prompts, chat messages, and any collection-related context may be handled by Caesar's remote service. Do not submit secrets, regulated data, or confidential documents unless your policy and Caesar's terms permit it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
The skill explicitly sends research queries and follow-up chat to an external API, but it does not clearly warn users that their prompts and contextual data leave the local environment. This can lead users to submit sensitive, proprietary, or regulated information under the mistaken assumption that processing is local or privacy-preserving.

Missing User Warnings

Severity: Low
Confidence: 90%

Finding
The documentation instructs users to export an API key but does not mention that the key is sensitive credential material that must be protected from logs, screenshots, shell history, and code repositories. While common in CLI docs, omitting safe-handling guidance increases the chance of accidental credential exposure and downstream account misuse.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The Collections feature suggests grouping files for research context without warning that file contents or derived embeddings/context may be uploaded to or processed by the external service. Users could unintentionally expose confidential documents, intellectual property, or personal data by attaching local files to a remote research workflow.

VirusTotal

66/66 vendors flagged this skill as clean.