Expanso sentiment-score

Security checks across malware telemetry and agentic risk

Overview

This sentiment-scoring skill does what it says, but its server mode can expose your OpenAI-backed scoring endpoint to reachable network clients without visible access controls.

Install only if you are comfortable sending submitted text to OpenAI. Prefer the CLI mode for local, user-directed scoring. If you run MCP/server mode, bind it to a trusted interface or put it behind authentication and rate limits, monitor OpenAI usage, and avoid submitting secrets, proprietary text, personal data, or regulated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The pipeline manifest defines a CLI skill but declares no explicit trigger scope, allowed callers, or invocation constraints. In practice any context able to invoke the skill can pass arbitrary stdin through to the model, which raises the chance of unintended use, abuse, or execution in contexts where users did not expect external processing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill sends raw user-provided stdin to the external OpenAI API using an API key, but the manifest provides no user-facing disclosure or consent mechanism. This creates a data exfiltration and privacy risk: users may pipe in sensitive local content without realizing it will leave the environment and be processed by a third party.
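The gate a practitioner would want between stdin and the outbound API call, shown as an added example that is not the skill's or Expanso's own code: it prints an explicit disclosure, refuses to forward until the caller acknowledges it (the `SENTIMENT_SCORE_ACK` variable and `--i-understand` flag are assumed names), and blocks input that matches a few constructed secret patterns before any byte leaves the host. The patterns are illustrative, not a complete secret-scanning ruleset.

```python
"""Consent-and-secret gate for a CLI that forwards stdin to an external API (added example)."""
import os
import re
import sys
from dataclasses import dataclass

DISCLOSURE = (
    "sentiment-score sends the full input text to the OpenAI API (a third party). "
    "Do not pipe secrets, personal data or regulated content. "
    "Set SENTIMENT_SCORE_ACK=1 or pass --i-understand to proceed."
)

# Constructed detectors for content that must never be forwarded. A real deployment
# would use a maintained secret-scanning ruleset; these are assumptions for the example.
SECRET_PATTERNS = {
    "private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "OpenAI-style key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "bearer token header": re.compile(r"(?i)\bauthorization:\s*bearer\s+\S+"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
}


@dataclass
class Decision:
    forward: bool       # True only when the text may leave the host
    reason: str
    findings: list      # names of matched secret patterns, if any


def scan_for_secrets(text):
    """Return the names of every secret pattern that matches the text."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(text)]


def gate(text, acknowledged, max_chars=20000):
    """Decide whether text may be sent out. A secret hit always wins over consent."""
    findings = scan_for_secrets(text)
    if findings:
        return Decision(False, "input contains secret-like material: " + ", ".join(findings), findings)
    if len(text) > max_chars:                     # assumption: cap per-request size and cost
        return Decision(False, f"input exceeds {max_chars} characters", [])
    if not acknowledged:
        return Decision(False, "disclosure not acknowledged", [])
    return Decision(True, "ok", [])


def main(argv=None, stdin=None):
    argv = sys.argv[1:] if argv is None else argv
    text = (stdin or sys.stdin).read()
    acknowledged = "--i-understand" in argv or os.environ.get("SENTIMENT_SCORE_ACK") == "1"
    decision = gate(text, acknowledged)
    if not decision.forward:
        print(DISCLOSURE, file=sys.stderr)
        print("refusing to send input: " + decision.reason, file=sys.stderr)
        return 2
    # Only past this point would the real client hand `text` to the OpenAI API.
    print("input cleared for external scoring (%d chars)" % len(text))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as `echo "great product" | python gate.py --i-understand`; without the flag or variable the tool exits 2 and prints the disclosure, and a piped file containing a private key is refused regardless of consent.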

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The skill exposes a public HTTP POST endpoint bound to 0.0.0.0 with no visible authentication, authorization, request schema validation, or input size limit. Any reachable client can therefore call the pipeline, which allows abuse of the attached OpenAI-backed processing path for unauthorized use, cost amplification, and denial of service through large or frequent requests.
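The controls the finding says are missing, shown as an added example built on the Python standard library; it is not the skill's or Expanso's own server code. It binds to loopback unless a trusted interface is named, requires a bearer token compared in constant time, refuses oversize bodies before reading them, enforces a strict one-field JSON schema, and rate-limits each client with a token bucket. The `/score` path, the `SCORE_API_TOKEN` and `SCORE_BIND_HOST` variables, and the size limits are assumptions; the OpenAI call is replaced by a stub so the example runs offline.

```python
"""Hardened front door for an OpenAI-backed scoring endpoint (added example, not the skill's code)."""
import hmac
import json
import os
import time
from dataclasses import dataclass, field
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY_BYTES = 16 * 1024   # assumption: a sentiment input never needs more than this
MAX_TEXT_CHARS = 4000        # assumption: bounds tokens (and cost) per request
REQUIRED_FIELDS = {"text"}   # strict schema: exactly one string field

def authorize(headers, expected_token):
    """True only for 'Authorization: Bearer <token>' that matches in constant time."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_token.encode())

def validate_body(raw, content_length):
    """Return (ok, error, text); rejects oversize, non-JSON and off-schema bodies."""
    if content_length is None or content_length > MAX_BODY_BYTES:
        return False, "body too large or missing Content-Length", None
    try:
        doc = json.loads(raw)
    except ValueError:
        return False, "body is not valid JSON", None
    if not isinstance(doc, dict) or set(doc) != REQUIRED_FIELDS:
        return False, 'expected exactly {"text": <string>}', None
    text = doc["text"]
    if not isinstance(text, str) or not text.strip() or len(text) > MAX_TEXT_CHARS:
        return False, f"'text' must be a non-empty string of at most {MAX_TEXT_CHARS} chars", None
    return True, "", text

@dataclass
class TokenBucket:
    """Per-client token bucket: `capacity` burst, `refill_per_sec` sustained rate."""
    capacity: int = 10
    refill_per_sec: float = 1.0
    _state: dict = field(default_factory=dict)   # client -> (tokens, last_seen)

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        tokens, last = self._state.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        allowed = tokens >= 1
        self._state[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

def score_stub(text):
    """Stands in for the OpenAI call so the example runs offline."""
    return {"chars": len(text), "note": "scoring call would happen here"}

class ScoringHandler(BaseHTTPRequestHandler):
    token = ""               # set by run() from the environment
    limiter = TokenBucket()

    def _reply(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        if self.path != "/score":
            return self._reply(404, {"error": "not found"})
        if not authorize(self.headers, self.token):
            return self._reply(401, {"error": "unauthorized"})
        if not self.limiter.allow(self.client_address[0]):
            return self._reply(429, {"error": "rate limited"})
        length = self.headers.get("Content-Length", "")
        length = int(length) if length.isdigit() else None
        if length is None or length > MAX_BODY_BYTES:
            return self._reply(413, {"error": "body too large"})   # refuse before reading
        ok, err, text = validate_body(self.rfile.read(length), length)
        if not ok:
            return self._reply(400, {"error": err})
        self._reply(200, {"score": score_stub(text)})

def run(host="127.0.0.1", port=8080):
    """Loopback by default; set SCORE_BIND_HOST only to a trusted interface."""
    token = os.environ.get("SCORE_API_TOKEN")
    if not token:
        raise SystemExit("refusing to start without SCORE_API_TOKEN")
    ScoringHandler.token = token
    HTTPServer((host, port), ScoringHandler).serve_forever()

if __name__ == "__main__":
    run(os.environ.get("SCORE_BIND_HOST", "127.0.0.1"))
```

The checks run in the order that costs the least: path, token, rate limit, and size are all decided from headers before a single body byte is read, so an unauthenticated or chatty client never reaches the JSON parser, let alone the paid scoring path. If the server sits behind a reverse proxy, key the limiter on a client identity the proxy vouches for rather than on the proxy's own address.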

VirusTotal

66/66 vendors reported this skill as clean.