data-model-designer

Security checks across malware telemetry and agentic risk

Overview

This skill's functionality appears related to its stated purpose, but it needs review because it sends user project content to a third-party AI API without clear enough user-facing privacy boundaries.

Review this skill before installing if you work with confidential construction, client, bid, design, or operational data. Use it only with data you are allowed to send to the heybossai/SkillBoss service, and prefer a local-only workflow unless the AI API transmission is clearly acceptable for your project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The instructions expand the skill from data-model design into broader document/report generation, analytics, summary statistics, and export workflows. This scope drift can cause an agent to perform actions or produce outputs outside the declared manifest purpose, increasing the risk of unintended data handling, misleading user expectations, and unsafe delegation to undocumented logic in SKILL.md.

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding:
The file frames the skill as a general construction data processing and analytics assistant, which is materially broader than the stated data-model-designer function. This mismatch can steer the agent to accept and process broader project data than necessary, weakening least-privilege boundaries and making downstream behavior less predictable and harder to secure.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly promotes AI-assisted model generation using a third-party API and requires an API key, but it does not clearly disclose that user-supplied project descriptions and potentially sensitive construction data will be transmitted off-host. This creates a real privacy and compliance risk because users may assume analysis is local and unknowingly send proprietary project details to an external service.
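The finding above is about disclosure: the user never sees that project descriptions leave the host. The block below is an added example written for this page, not the data-model-designer skill's own code and not a SkillBoss API. It assumes a sender shaped like the skill's pilot(body) and puts an explicit-consent gate in front of it: the destination host must be on an allowlist, the user must have opted in through a hypothetical SKILL_ALLOW_OFFHOST_UPLOAD environment variable, and the refusal message describes what would have been transmitted (field names, size, hash) without leaking the payload itself. The sender is injected so the gate can be exercised offline.

```python
"""Added example: explicit-consent gate in front of an off-host API call.

Illustrative code for this page, not the skill's own implementation.
Assumed names: ALLOWED_HOSTS, OPT_IN_ENV (SKILL_ALLOW_OFFHOST_UPLOAD),
EgressBlocked, check_egress, gated_post.
"""
import hashlib
import json
import os
from typing import Callable, Optional
from urllib.parse import urlparse

# Constructed policy values (assumptions for the example, not from the skill).
ALLOWED_HOSTS = {"api.heybossai.com"}
OPT_IN_ENV = "SKILL_ALLOW_OFFHOST_UPLOAD"  # hypothetical opt-in variable


class EgressBlocked(RuntimeError):
    """Raised when a request would send data off-host without consent."""


def describe_payload(body: dict) -> dict:
    """Summarise what would be transmitted so the user can review it.
    The summary carries field names, size and a hash, never the content."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {
        "fields": sorted(body.keys()),
        "bytes": len(raw),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def check_egress(url: str, body: dict, env: Optional[dict] = None) -> dict:
    """Return the payload description if the transmission is permitted,
    otherwise raise EgressBlocked. Pure function: performs no network I/O."""
    env = os.environ if env is None else env
    host = urlparse(url).hostname or ""
    if host not in ALLOWED_HOSTS:
        raise EgressBlocked(f"destination {host!r} is not an allowed host")
    if env.get(OPT_IN_ENV) != "1":
        raise EgressBlocked(
            f"off-host upload to {host} requires {OPT_IN_ENV}=1; "
            f"payload would be {describe_payload(body)}"
        )
    return describe_payload(body)


def gated_post(url: str, body: dict, send: Callable[[str, dict], dict],
               env: Optional[dict] = None) -> dict:
    """Wrap an outbound sender (in the real skill, a requests.post call)
    with the gate. `send` is injected so this runs without a network."""
    summary = check_egress(url, body, env)
    return {"sent": summary, "response": send(url, body)}


if __name__ == "__main__":
    # Constructed sample body standing in for a user's project description.
    sample = {"project": "bridge retrofit bid", "notes": "confidential"}
    try:
        check_egress("https://api.heybossai.com/v1/pilot", sample, env={})
    except EgressBlocked as e:
        print("blocked:", e)
```

Run without the opt-in variable and the call is refused with a description of the payload; run with SKILL_ALLOW_OFFHOST_UPLOAD=1 and an allowlisted host and the wrapped sender is invoked. The point of making check_egress pure is that the decision can be unit-tested and audited separately from the network code.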

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
def pilot(body: dict) -> dict:
    r = requests.post(
        f"{API_BASE}/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body,
Confidence: 95%
Finding:
requests.post( f"{API_BASE}/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
import json

SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]
API_BASE = "https://api.heybossai.com/v1"


def pilot(body: dict) -> dict:
Confidence: 89%
Finding:
https://api.heybossai.com/
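The two External Transmission findings above, and the Data Exfiltration pattern family listed under Vulnerability Patterns (External Transmission, Env Variable Harvesting), are the kind of thing a static check can surface before a skill is installed. The block below is an added example written for this page, not SkillSpector's implementation: it parses a skill's Python source into an AST, resolves module-level string constants so that an f-string such as f"{API_BASE}/pilot" yields a concrete host, flags requests.<method>(...) calls whose destination is not loopback, and records reads of os.environ / os.getenv with the key name. The sample source is constructed from the snippets shown in the findings plus a local-only function added to show the negative case; it is not the skill's real file.

```python
"""Added example: static check for External Transmission and Env Variable
Harvesting in a skill's Python source. Illustrative, not SkillSpector's code.
Assumed names: scan_source, SAMPLE_SKILL, LOCAL_HOSTS, HTTP_METHODS.
"""
import ast
from urllib.parse import urlparse

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "request"}

# Constructed sample, assembled from the snippets in the findings above plus
# a local-only function that must NOT be flagged.
SAMPLE_SKILL = '''\
import json
import os
import requests

SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]
API_BASE = "https://api.heybossai.com/v1"


def pilot(body: dict) -> dict:
    r = requests.post(
        f"{API_BASE}/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}"},
        json=body,
    )
    return r.json()


def local_only(body: dict) -> dict:
    return requests.post("http://127.0.0.1:8080/model", json=body).json()
'''


def _const_str(node, consts):
    """Best-effort string evaluation: literals, f-strings whose parts all
    resolve, and names bound to string constants at module level."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.Name):
        return consts.get(node.id)
    if isinstance(node, ast.JoinedStr):
        parts = []
        for v in node.values:
            inner = v.value if isinstance(v, ast.FormattedValue) else v
            s = _const_str(inner, consts)
            if s is None:
                return None
            parts.append(s)
        return "".join(parts)
    return None


def _is_env_read(node):
    """Matches os.environ[...], os.environ.get(...) and os.getenv(...)."""
    if isinstance(node, ast.Subscript):
        return ast.unparse(node.value) == "os.environ"
    if isinstance(node, ast.Call):
        return ast.unparse(node.func) in {"os.environ.get", "os.getenv"}
    return False


def scan_source(src: str) -> list:
    """Return findings sorted by line: env-var reads and non-loopback HTTP calls."""
    tree = ast.parse(src)
    consts = {}
    # Pass 1: module-level string constants, so API_BASE resolves inside f-strings.
    for stmt in tree.body:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            s = _const_str(stmt.value, consts)
            if s is not None:
                consts[stmt.targets[0].id] = s
    findings = []
    # Pass 2: walk every node for the two patterns.
    for node in ast.walk(tree):
        if _is_env_read(node):
            key = None
            if isinstance(node, ast.Subscript):
                key = _const_str(node.slice, consts)
            elif node.args:
                key = _const_str(node.args[0], consts)
            findings.append({"pattern": "Env Variable Harvesting",
                             "line": node.lineno, "name": key})
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if (ast.unparse(node.func.value) == "requests"
                    and node.func.attr in HTTP_METHODS):
                url = _const_str(node.args[0], consts) if node.args else None
                host = urlparse(url).hostname if url else None
                # Unknown host is treated as external: a dynamic URL is a finding too.
                if host is None or host not in LOCAL_HOSTS:
                    findings.append({"pattern": "External Transmission",
                                     "line": node.lineno, "host": host,
                                     "method": node.func.attr})
    return sorted(findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SKILL):
        print(f)
```

On the constructed sample this reports one Env Variable Harvesting finding for SKILLBOSS_API_KEY and one External Transmission finding for api.heybossai.com, and stays silent on the loopback call. A real pre-install check would run this over every .py file in the skill directory and, as the page's own rating does, treat any non-loopback destination as a review item rather than a blocker.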

VirusTotal

66/66 vendors flagged this skill as clean.
