alista

Security checks across malware telemetry and agentic risk

Overview

Alista is a coherent restaurant-bookmarking skill that uses disclosed social-media and Google Places APIs, with privacy caveats users should understand.

Install only if you are comfortable sending social-media URLs and place queries to Apify and Google Places using your own API keys. Use image downloads and video frame extraction only for content you are authorized to process, and remember saved places are stored locally in alista.db.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill's public description understates material behavior: it sends user-provided social URLs to third parties, downloads media locally, may extract video frames with ffmpeg, and supports broader content types than advertised. That gap can mislead users and reviewers about what data is processed and what tools are invoked, undermining informed consent and increasing privacy and attack-surface risk.

Missing User Warnings

Medium
Confidence: 89%
Finding: The README instructs users to fetch Instagram/TikTok metadata and optionally download images or extract video frames, but it does not warn that this sends user-supplied social-media URLs and related content to third-party services (Apify, Google Places) and stores or processes media locally. That omission can lead users to unknowingly transmit personal data, copyrighted content, location information, or sensitive media-derived details outside their machine, especially when using social posts that include non-public or privacy-sensitive context.

Missing User Warnings

Medium
Confidence: 96%
Finding: Users are instructed to share Instagram/TikTok URLs, but the skill description does not clearly warn that those URLs and derived metadata may be sent to Apify, Google Places, and fallback social-media endpoints. This creates a real privacy/transparency problem because user-shared content and inferred place data are disclosed to external services without prominent notice or consent.

VirusTotal

56/56 vendors flagged this skill as clean.