ClawHub

Curl Http

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward curl reference skill, but users should be careful when adapting examples that use credentials, uploads, downloads, or DELETE-style requests.

Install only if you want a curl command reference. Before using examples with real services, confirm the URL and method, avoid putting real secrets directly in commands or query strings, and check any local file path before uploading or downloading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The authentication examples place usernames, passwords, bearer tokens, and API keys directly on the command line and in URLs. In real use, this can expose secrets through shell history, process listings, terminal logs, proxies, and server/access logs, especially for query-string API keys.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill demonstrates state-changing methods including PUT, PATCH, and DELETE without warning that they can modify or permanently remove remote data. A user or agent copying these examples against production endpoints could cause unintended destructive changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The download and upload examples write files locally and transmit local file contents to remote systems without any warning. This can lead to accidental overwrite, storage of untrusted content, or exfiltration of sensitive local files if users substitute real paths blindly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal