Brikko PII Mask

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Brikko API integration for masking and restoring PII, but users must understand that raw PII is sent to Brikko unless self-hosted mode is configured.

Install only if your organization approves Brikko as a processor for raw PII and accepts the one-hour remote mapping storage. Use the self-hosted BRIKKO_API_URL option for stricter data residency needs, keep BRIKKO_API_KEY secret, and verify the configured endpoint before piping sensitive customer data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The README presents the skill as protecting PII before it reaches an LLM, but the documented implementation first transmits raw personal data to Brikko's remote API for masking. This creates a security and compliance gap because users may reasonably assume masking is local and may deploy it in environments where sending plaintext PII to a third party is prohibited or requires explicit consent and vendor review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The usage flow normalizes piping customer PII into the skill without prominently warning that the raw data is transmitted to a remote third-party API. In a privacy-sensitive skill whose stated purpose is regulatory protection, omission of this warning can lead users to unintentionally exfiltrate regulated personal data outside approved boundaries.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits whatever is provided on stdin to a remote HTTPS API, but the CLI flow does not provide an explicit runtime warning or consent checkpoint before sending potentially sensitive text off-host. In a security-sensitive context involving PII, this can lead to inadvertent disclosure if an operator assumes processing is local or is unaware that BRIKKO_API_URL may point to a third-party endpoint.

External Transmission

Medium
Category
Data Exfiltration
Content
## Configuration

The skill uses the Brikko Gateway API (`https://api.brikko.ru/v1/anonymize`,
`/v1/restore`). To get an API key:

1. Register at [brikko.ru](https://brikko.ru) (free, 200 ₽
Confidence
94% confidence
Finding
https://api.brikko.ru/

VirusTotal

65/65 vendors flagged this skill as clean.
