AI Search Engine Diagnostic Assistant

Security checks across malware telemetry and agentic risk

Overview

This SEO review skill appears useful, but it under-discloses that user content can be sent to a third-party service.

Install only if you are comfortable sending reviewed content, files, and URLs to the external AI Skills API. Avoid confidential drafts, regulated data, customer material, or internal strategy unless the publisher documents retention, access controls, and consent clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill is presented as a local SEO/content-review assistant, but the runner actually forwards all user-supplied parameters to a remote service at ai-skills.ai for execution. This mismatch is security-relevant because users may provide sensitive unpublished content, assuming local processing, when in fact the data is transmitted off-box to an external endpoint under API-key-authenticated tenant context.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to send article text, files, and public URLs to an external AI Skills API without an explicit warning that submitted content may leave the local environment. Because the inputs can include unpublished drafts, internal links, branded guidance, or other sensitive business material, this creates a real risk of unintended third-party disclosure.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest enables implicit invocation with a very broad default prompt and no clear trigger constraints, which can cause the skill to be activated in situations the user did not explicitly intend. In a content-analysis assistant, this increases the risk of inappropriate routing, unintended processing of user content, and confusing or overreaching behavior across unrelated requests.

VirusTotal

VirusTotal findings are pending for this skill version.
