Gemini Assistant

Security checks across malware telemetry and agentic risk

Overview

This Gemini assistant does what it says, but its very broad WhatsApp triggers could send ordinary text or audio to Google unexpectedly.

Install only if you are comfortable with WhatsApp text and audio handled by this skill being sent to Google's Gemini API under your API key. Use a dedicated key, monitor billing or quota, avoid sensitive or regulated data, and narrow the triggers before using it in chats where accidental activation matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 76% confidence

Finding: The skill is described with broad, open-ended language as a general-purpose assistant, which weakens activation boundaries and encourages use in contexts beyond what is safely intended. Overly broad positioning increases the chance that the skill is invoked for sensitive tasks where data exposure, unsafe delegation, or unexpected behavior could occur.

Vague Triggers

Medium, 80% confidence

Finding: The README reinforces the skill as a generic assistant without scoping constraints, which can cause users or orchestrators to route arbitrary tasks and sensitive data through it. In an agent ecosystem, this ambiguity is dangerous because general-purpose framing often leads to overbroad delegation and trust assumptions that the implementation may not safely support.

Missing User Warnings

High, 94% confidence

Finding: The documentation does not warn that prompts and audio are sent to Google's Gemini API, which creates a meaningful transparency and privacy failure. Users may provide sensitive text or voice data under the false assumption it stays local, leading to unintended third-party disclosure and possible compliance violations.

Vague Triggers

High, 94% confidence

Finding: The trigger list includes very generic phrases such as "help", "what is", "how to", "explain", and "tell me", which are common in ordinary conversation and likely to cause unintentional invocation. In a WhatsApp context with text, voice, and audio enabled, this can cause the skill to capture and process user content unexpectedly, increasing privacy risk and accidental API usage.

VirusTotal

63/63 vendors flagged this skill as clean.
