ClawHub

Context

Security checks across malware telemetry and agentic risk

Overview

This skill appears benign, but it sends the location details you provide to Camino’s external API.

Install only if you are comfortable sending chosen coordinates, request context, optional weather parameters, and any trial signup email to Camino. Prefer a scoped or temporary API key, review the referenced GitHub/npm install source before running npx-based commands, and avoid sending unnecessarily precise or sensitive location context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises shell-based usage (`./scripts/context.sh`, `curl`) but does not declare corresponding permissions or clearly scope its runtime capabilities. This can mislead users and host systems about what the skill may execute, weakening permission-based trust and review controls even if the shell actions are only for installation or API access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description omits a clear warning that precise location coordinates, optional contextual queries, and weather-related requests are sent to a third-party Camino API. Because location and intent/context data can be sensitive, failing to disclose external transmission undermines informed consent and may cause unintentional privacy exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script transmits precise user-supplied location data to a third-party API, but at the point of execution it provides no explicit disclosure, consent prompt, or data-minimization guard. Because location data is sensitive and potentially identifying, silent transmission can create privacy and compliance risk even if the remote service is the intended backend for the skill.

External Transmission

Medium
Category
Data Exfiltration
Content
**Instant Trial (no signup required):** Get a temporary API key with 25 calls:

```bash
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"email": "you@example.com"}' \
  https://api.getcamino.ai/trial/start
```
Confidence
93% confidence
Finding
curl -s -X POST -H "Content-Type: application/json" \ -d '{"email": "you@example.com"}' \ https://api.getcamino.ai/trial/start ``` Returns: `{"api_key": "camino-xxx...", "calls_remaining": 25, ..

External Transmission

Medium
Category
Data Exfiltration
Content
curl -X POST -H "X-API-Key: $CAMINO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"location": {"lat": 40.7589, "lon": -73.9851}, "radius": 500, "context": "lunch options"}' \
  "https://api.getcamino.ai/context"
```

## Parameters
Confidence
96% confidence
Finding
https://api.getcamino.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Make API request
curl -s -X POST \
    -H "X-API-Key: $CAMINO_API_KEY" \
    -H "Content-Type: application/json" \
    -H "X-Client: claude-code-skill" \
Confidence
91% confidence
Finding
curl -s -X POST \ -H "X-API-Key: $CAMINO_API_KEY" \ -H "Content-Type: application/json" \ -H "X-Client: claude-code-skill" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Content-Type: application/json" \
    -H "X-Client: claude-code-skill" \
    -d "$INPUT" \
    "https://api.getcamino.ai/context" | jq .
Confidence
88% confidence
Finding
https://api.getcamino.ai/

VirusTotal

No VirusTotal findings

View on VirusTotal