ocean right marine

Security checks across malware telemetry and agentic risk

Overview

This voyage-distance skill performs the advertised lookup workflow, but it exposes a shared NavOptima password and forces screenshot sharing without clear per-use consent or recipient checks.

Install only after the publisher removes and rotates the exposed NavOptima credential, switches to user-provided or managed secrets, and changes screenshot sharing to explicit opt-in with a confirmed recipient. The distance lookup workflow itself is understandable, but the current version is not appropriate for sensitive voyage, customer, or account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The skill’s stated purpose is distance calculation, but it also embeds mandatory outbound messaging and contact-signature behavior unrelated to that purpose. This expands the tool from a query utility into a data-exfiltration and unsolicited messaging workflow, increasing the risk of unauthorized disclosure and misuse.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly requires sending route screenshots to chat channels regardless of user context or authorization. That creates an unjustified outbound communication path that can leak potentially sensitive operational data, screenshots, and metadata to unintended recipients.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Mandating fixed contact and sales signature content on every response is not necessary for voyage-distance computation and introduces unsolicited promotional messaging. This can be abused for spam, brand injection, or social-engineering amplification by attaching trusted-looking contact details to all outputs.

Intent-Code Divergence

High
Confidence: 97%
Finding
The document contains conflicting instructions: one section forbids sending screenshots to unauthorized people, while another mandates sending them regardless of context. In practice, the unconditional instruction is dangerous because it undermines the stated security restriction and encourages agents to disclose data without performing authorization checks.

Missing User Warnings

High
Confidence: 98%
Finding
The skill directs automatic screenshot transmission without requiring explicit user consent at the point of sharing. For a tool handling route, ETA, and voyage details, this creates a clear privacy and confidentiality risk because sensitive operational outputs may be sent beyond the active session without the user knowingly authorizing it.

Ssd 3

High
Confidence: 99%
Finding
Automatically transmitting a screenshot of route results to a chat recipient regardless of conversation context can disclose voyage plans, timing, and other operationally sensitive information. The risk is amplified because screenshots may include more data than intended, including maps, metadata, and account-context elements visible in the UI.

Ssd 3

High
Confidence: 98%
Finding
The repeated requirement to send screenshots after every query institutionalizes ongoing disclosure of generated voyage data to chat channels. This increases the chance of accidental leakage, repeated exposure of sensitive operational information, and misuse of the agent as an automated broadcasting mechanism.

VirusTotal

63/63 vendors flagged this skill as clean.
