Security audit

Selling Skills

Security checks across malware telemetry and agentic risk

Overview

This package is mostly transparent, but it bundles broad automation that can publish, trade, bid, conduct outreach, and run offensive security workflows with too little scoping or user-control guidance.

Review before installing. This skill pack can install many externally acting agents and includes examples that enable automated publishing, bidding, outreach, trading-related workflows, persistent memory, and offensive security automation. Install only the specific tiers you need, keep live trading and auto-action features disabled until manually reviewed, use dedicated low-privilege API keys, and run bug-bounty functions only against targets where you have explicit authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium. Confidence: 95%.
Finding
The manifest explicitly advertises autonomous revenue-generation, passive-income automation, and vulnerability broker introductions alongside offensive security capabilities. In a skill pack for agent ecosystems, these features materially expand the system from infrastructure management into monetized offensive operations, increasing the risk of misuse, unauthorized scanning, and trafficking in sensitive vulnerability information.

Description-Behavior Mismatch

Severity: Medium. Confidence: 96%.
Finding
Although presented as a unified installer, the file is functionally a launcher for exploit-generation, autonomous scanning, exploitation attempts, and automated submission workflows. That mismatch can mislead operators into installing a broad offensive automation suite under the guise of ordinary ecosystem tooling, reducing informed consent and weakening deployment controls.

Intent-Code Divergence

Severity: Medium. Confidence: 94%.
Finding
The 'ethical security research only' language conflicts with documented capabilities such as stealth evasion, exploit generation, broker introductions, and fully autonomous exploitation/submission. This kind of contradictory safety framing can create false reassurance and make dangerous functionality appear compliant when it is not meaningfully constrained.

Missing User Warnings

Severity: Medium. Confidence: 91%.
Finding
The installation and overview documentation does not prominently warn that deployment enables autonomous scanning, exploitation attempts, and automated submissions across large target sets. Poor disclosure increases the chance of accidental misuse, unauthorized activity, and unsafe deployment by operators who may not understand the operational or legal consequences.

Missing User Warnings

Severity: Medium. Confidence: 90%.
Finding
The quick-install section encourages users to install 21 interconnected skills, many of which are network-facing, automation-heavy, and capable of external actions, without presenting prominent warnings, consent checkpoints, or a least-privilege setup path. In this context, users could rapidly deploy broad capabilities including P2P networking, cloud deployment, trading, publishing, and data collection before understanding the operational, privacy, and financial risks.

Missing User Warnings

Severity: High. Confidence: 97%.
Finding
The revenue-generation quickstart explicitly enables autonomous publishing, auto-bidding, and automated outreach, which can trigger real-world external actions on third-party platforms without adequate warnings about spam, unwanted transactions, policy violations, privacy exposure, or reputational harm. Because these commands are framed as a quickstart, they lower friction to activating risky automation and make misuse or accidental abuse substantially more likely.

VirusTotal

8/63 vendors flagged this skill as malicious, and 55/63 flagged it as clean.