Human Test

Security checks across malware telemetry and agentic risk

Overview

This skill is presented mainly as a usability-testing tool, and most of its behaviour is disclosed, but it also enables automated repository analysis and write-enabled PR creation that users should review carefully before granting access.

Install only if you are comfortable sending product-testing recordings and reports to this service or your self-hosted instance. Use test accounts and non-sensitive environments. Do not provide repoUrl or grant GitHub write access unless you intentionally want automated code analysis and possible PR creation; prefer read-only access and review all diffs before merging. If self-hosting, review and pin the npm package, constrain the server, and provide only the AI API keys you intend it to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented primarily as human usability testing, but it also performs materially different high-impact actions: repository cloning, code analysis, patch generation, and potentially PR-related automation. This scope expansion can mislead users and agents into granting repository access or invoking code-changing workflows without fully understanding the operational and security consequences.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
Automatic repository modification and PR creation is a powerful write capability that is not justified by a skill framed as collecting human feedback. If an agent or user enables this without strong safeguards, the platform could introduce unauthorized code changes, exfiltrate sensitive code context during analysis, or create supply-chain risk through unreviewed commits and PRs.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill collects screen and microphone recordings from human testers and sends them to an external platform for AI analysis, but the description does not prominently warn about the privacy implications. Users may submit products or environments containing sensitive data without informed consent, leading to unintended disclosure of credentials, PII, internal systems, or confidential business information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explains that granting repo access may lead to automatic branch creation, code changes, pushes, and PR opening, but it does not present this as a prominent warning proportional to the risk. Users may treat repo access as passive analysis when it actually enables active modification of source control state and downstream CI/CD workflows.

VirusTotal

64/64 vendors flagged this skill as clean.