Offline Llama

Security checks across malware telemetry and agentic risk

Overview

This skill is a reasonable fit for managing a local Ollama installation, but it grants the agent broad, automatic control over the host (service restarts, cache cleanup, model reinstallation) and may fall back to remote models when internet access is available, despite its local-only privacy claim.

Review before installing. Use it only if you are comfortable with an agent managing Ollama services and model storage. Require explicit confirmation before restarts, cache or file cleanup, model reinstallations, and any remote-model fallback, and do not rely on the local-only privacy claim unless remote fallback is disabled or the endpoint the agent talks to is pinned to the local host.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The skill's security section states that all operations are local and require no external dependencies, but earlier sections explicitly describe fallback to remote models when internet is available. This mismatch can mislead users and downstream agents into sending sensitive prompts or data off-device under a false assumption of local-only processing, creating privacy and trust risks.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill advertises autonomous self-healing actions such as restarting services, clearing cache/files, and reinstalling models without clearly warning users about the operational side effects. Automatic maintenance actions can interrupt workloads, remove data needed for troubleshooting, or alter the local environment unexpectedly, which is risky in an autonomous agent context.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill presents itself as privacy-preserving and local/offline-oriented, but it also documents automatic fallback to remote models when internet connectivity exists. Without a clear warning, users may reasonably assume prompts remain local when in fact data could be transmitted to external services, exposing sensitive information.
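The two controls the overview recommends (pin inference to a local endpoint, and gate every side-effecting maintenance action behind explicit user confirmation) can be enforced in a small policy layer between the agent and the Ollama tooling. The following is an added example, not code from the Offline Llama skill or from SkillSpector; the action names, the request format, the default policy and the sample request log are all assumptions made for illustration.

```python
"""Policy guard for an agent that manages a local Ollama instance.

Added example (not the skill's own code). It enforces two rules from the
review above:
  1. Inference requests may only go to a loopback endpoint unless remote
     fallback is explicitly enabled AND the user confirmed that request.
  2. Self-healing actions (restart, cache cleanup, reinstall, remove) need
     explicit confirmation; unknown actions are denied by default.
The action names and request layout are assumptions for this example.
"""
import ipaddress
from urllib.parse import urlparse

# Maintenance actions with operational side effects (assumed names).
SIDE_EFFECT_ACTIONS = {"restart_service", "clear_cache", "reinstall_model", "remove_model"}

# Conservative default: no remote fallback at all.
DEFAULT_POLICY = {"allow_remote": False}


def is_local_endpoint(url: str) -> bool:
    """True only if the URL targets localhost or a loopback IP literal.

    Any other DNS name is treated as remote, because it may resolve off-box;
    LAN addresses such as 10.0.0.5 are also treated as remote on purpose,
    since the skill's claim is "local-only", not "on my network".
    """
    host = urlparse(url).hostname
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def evaluate(req: dict, policy: dict) -> tuple[bool, str]:
    """Decide whether one agent request is allowed; returns (allowed, reason)."""
    action = req["action"]
    confirmed = bool(req.get("confirmed", False))

    if action == "generate":
        endpoint = req.get("endpoint", "")
        if is_local_endpoint(endpoint):
            return True, "local inference"
        if not policy.get("allow_remote", False):
            return False, f"remote endpoint {endpoint} refused: remote fallback disabled"
        if not confirmed:
            return False, "remote fallback needs explicit confirmation"
        return True, "remote inference confirmed by user"

    if action in SIDE_EFFECT_ACTIONS:
        if confirmed:
            return True, f"{action} confirmed by user"
        return False, f"{action} requires explicit confirmation"

    # Deny-by-default for anything the policy does not know about.
    return False, f"unknown action {action!r} refused"


def audit(requests: list, policy: dict) -> list:
    """Run every request through the policy; returns (action, allowed, reason) rows."""
    return [(r["action"], *evaluate(r, policy)) for r in requests]


# Constructed sample of requests an agent might issue (not real telemetry).
SAMPLE_REQUESTS = [
    {"action": "generate", "endpoint": "http://127.0.0.1:11434/api/generate"},
    {"action": "generate", "endpoint": "http://localhost:11434/api/generate"},
    {"action": "generate", "endpoint": "https://api.example.com/v1/chat"},  # silent fallback
    {"action": "restart_service"},                                          # no confirmation
    {"action": "clear_cache", "confirmed": True},
    {"action": "exec_shell", "confirmed": True},                            # out of scope
]

if __name__ == "__main__":
    for action, allowed, reason in audit(SAMPLE_REQUESTS, DEFAULT_POLICY):
        print(f"{'ALLOW' if allowed else 'DENY ':5} {action:16} {reason}")
```

Run against the constructed sample with the default policy, the two loopback inference calls pass, the remote fallback is refused outright, the unconfirmed restart is blocked, the confirmed cache cleanup passes, and the unrecognised action is denied. Flipping `allow_remote` to `True` still does not allow the remote call until the request carries `confirmed: True`, which is the "clearly controlled" fallback the overview asks for.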

VirusTotal

66/66 vendors flagged this skill as clean.
