Expanso keyword-extract

Security checks across malware telemetry and agentic risk

Overview

This skill performs keyword extraction as advertised, but its server mode exposes an unauthenticated HTTP endpoint on all network interfaces that forwards submitted text to OpenAI using the user’s API key.

Install only if you are comfortable sending the text you analyze to OpenAI. Avoid using it on secrets, regulated data, or proprietary documents without review. Prefer CLI mode for controlled local use, set limits on the OpenAI key, and do not run MCP/server mode on a reachable network unless you add authentication and bind it to localhost or another protected interface.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding: This pipeline forwards arbitrary stdin content directly to the OpenAI API, which can expose sensitive user data to an external third-party service without any explicit warning or consent mechanism in the skill itself. In CLI mode, users may pipe files, logs, or proprietary text into the tool and may not realize that all content is transmitted off-host.

Missing User Warnings

Medium
Confidence: 93%
Finding: The manifest defines a remote OpenAI backend for processing arbitrary user-supplied text, but it does not disclose that submitted content may leave the local environment and be sent to a third-party service. This creates a real privacy and data-handling risk because users may provide sensitive, proprietary, or regulated text under the assumption that processing is local or undisclosed.

VirusTotal

64/64 vendors flagged this skill as clean.
