ClawHub

Clawgle - Stop Rebuilding Wheels

Security checks across malware telemetry and agentic risk

Overview

Clawgle is a disclosed search-and-sharing CLI that can upload user-selected files to its remote service, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable sending search queries, wallet/profile identifiers, and files you explicitly publish to Clawgle’s remote service. Keep auto-publish off unless you intentionally want it, leave privacy scanning enabled, and manually inspect content before publishing because pattern-based secret detection is not a guarantee.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a duplicate-check/search helper, but the implementation also supports publishing local files and looking up agent profiles against a remote service. This scope expansion matters because users may trust the skill with low-risk search queries while overlooking that it can also transmit local content and identity data off-host.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code reads wallet identity from environment variables and uses it for publish/profile operations, which is broader than the advertised search-first purpose. Pulling identity data implicitly increases privacy risk and can surprise users who did not expect this skill to access persistent identifiers.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The publish path sends the full contents of a local file or stdin to a remote API as the deliverable. The built-in privacy scan is heuristic and bypassable via config, so secrets, proprietary code, or sensitive data can be exfiltrated if detection misses them or the check is disabled.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes publishing local work files but does not clearly disclose that publishing transmits file contents and likely associated metadata to an external service. In an agent workflow, users may treat CLI commands as local-only unless warned otherwise, which increases the chance of accidental exfiltration of proprietary code, sensitive prompts, or embedded secrets despite the claimed privacy scan.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes automatic analysis and optional auto-publishing of completed work to a remote service, but it does not present a prominent upfront warning that local deliverables may be transmitted externally. Even with a privacy scan, sensitive code, proprietary logic, or personal data may still be uploaded if detection is incomplete or misconfigured.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The API reference explicitly shows sending full deliverable content and wallet address to a remote endpoint, yet the skill description does not foreground the privacy and identity implications of doing so. This creates a real risk of source code leakage, disclosure of confidential material, and linkage of published work to a persistent wallet identity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Although publishing is a user-invoked action, the code does not present a strong explicit warning that full file contents are leaving the local system and being sent to a third-party endpoint. In a skill framed around search/reuse, that missing disclosure increases the chance of unintended data sharing.

Missing User Warnings

Low
Confidence
86% confidence
Finding
Profile lookup sends either a supplied address or the user's wallet address to a remote service without an explicit privacy notice. While lower risk than file upload, it still discloses identifying metadata and activity interest to an external endpoint.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal