Expanso pii-detect

Security checks across malware telemetry and agentic risk

Overview

This PII detector appears purpose-built, but it can send sensitive text to OpenAI and exposes an unauthenticated network endpoint when run in MCP mode.

Review carefully before installing:
  • Use this only with text you are authorized to send to OpenAI.
  • Do not assume local regex-only detection is available unless you verify or add it.
  • Avoid running MCP mode on shared or exposed networks unless you bind it to localhost and add authentication or other access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README demonstrates sending raw sensitive data, including SSNs, credit card numbers, names, addresses, and DOBs, into the skill/API without any explicit warning about privacy, retention, handling, or the need to avoid real production data in examples. Because this skill is specifically designed to process PII and requires an API key, users may unintentionally transmit highly sensitive data for analysis without understanding the privacy and compliance implications.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The pipeline binds an HTTP server to 0.0.0.0 and exposes a POST /detect endpoint, but the file contains no authentication, authorization, network restriction, or caller validation. That makes the skill broadly invokable by any reachable client, which can enable unauthorized use, cost abuse, and exfiltration of submitted text to the downstream model API.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: The skill sends user-supplied text directly to the OpenAI API for PII detection, which is a high-risk data flow because the very purpose of the endpoint is to process potentially sensitive personal data. Without clear disclosure, consent, minimization, or policy controls in the skill, users may unknowingly transmit regulated or confidential information to a third-party processor.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: This skill processes user-supplied text for PII and declares a remote OpenAI backend, yet it does not clearly warn that submitted content may be transmitted to a third party. Because the input is specifically likely to contain sensitive personal data, undisclosed remote processing creates a meaningful privacy and compliance risk, especially if users assume detection happens locally via regex.

VirusTotal

65/65 vendors flagged this skill as clean.