ClawHub

Sniplink

Security checks across malware telemetry and agentic risk

Overview

Sniplink appears to be a legitimate URL saver, but it is published with a hardcoded personal Google Drive Obsidian path and writes persistent notes there after approval.

Install only if you are comfortable with the skill fetching URLs you provide and saving approved records into an Obsidian vault. Before use, replace the published Google Drive path with your own chosen folder, confirm each write destination, and avoid submitting private or sensitive URLs unless you intend their metadata to be fetched and stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to invoke shell commands and contact third-party services such as curl to api.fxtwitter.com and gh CLI operations. That expands the trust boundary well beyond simple URL saving and can leak user-provided URLs, tweet references, or derived targets to external systems without a narrowly scoped consent model.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
The social-media lookup step directs the agent to search for LinkedIn and Twitter profiles for a tool and store those URLs, which is ancillary to the core task of saving a submitted link. This increases data collection and external querying beyond user necessity, creating avoidable privacy and scope-creep risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include common language such as 'save this' and 'remember this,' which can cause the skill to activate in ordinary conversation when the user may not intend file writes, lookups, or database updates. Overbroad activation increases the chance of unintended external fetches and unintended persistence of data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes writing notes into the user's Obsidian vault but does not provide an upfront warning in the trigger or setup that local files will be created or modified. Users may invoke the skill expecting a lightweight save operation without realizing it persists data into a local/cloud-synced filesystem location.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The skill hard-codes a specific personal Google Drive-backed vault path containing an apparent personal email address and user-specific directory structure. This can cause writes into the wrong person's storage, expose personal path information, and create unsafe assumptions about the runtime environment and access scope.

Ssd 3

Medium
Confidence
97% confidence
Finding
The documentation exposes a specific cloud-storage vault path in plain text, including personal directory details. Even without direct exploitation, this is sensitive environment information disclosure that can aid targeting, misdirection of writes, or privacy leakage.

VirusTotal

No VirusTotal findings

View on VirusTotal