PsyClaw ISI

Security checks across malware telemetry and agentic risk

Overview

This insomnia screening skill is coherent, but it asks to send sensitive health-style answers and scores to a remote platform using credentials without clear consent, destination, or data-handling boundaries.

Review before installing or using. Confirm the companion skill source, the exact platform URL, and the API token scope. Treat ISI answers and scores as sensitive personal information, review the JSON payload, and only submit it after explicitly confirming that you want it sent to that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence: 89%
Finding
The skill instructs users to run a forced install/update command that modifies the local environment, but it provides no warning, review guidance, or trust boundary around executing it. In a security-sensitive agent ecosystem, normalizing `--force` package operations can lead to unintended package replacement, dependency changes, or execution of unreviewed code.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to return the complete assessment JSON to a remote platform, but it does not require any user-facing disclosure, consent, or data-minimization step. Because the payload contains sensitive health-related self-report data, silent transmission creates a privacy risk and may violate expected handling requirements for personal health information.

Missing User Warnings

Medium
Confidence: 94%
Finding
The example curl command shows authenticated remote submission of assessment results using an API key, but it omits any privacy warning or confirmation step. This normalizes exfiltration of potentially sensitive assessment data and could lead implementers to send user data off-device without informed consent or adequate safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.
