claoow search

Security checks across malware telemetry and agentic risk

Overview

The skill openly connects to an external intelligence marketplace, but it gives agents broad scraping, uploading, purchasing, and continuous-run authority with weak boundaries.

Install only if you intentionally want an agent to interact with Claoow's external marketplace. Keep it in manual batch mode, avoid Allow Always, review every submission and purchase before it is sent, do not submit secrets or unverifiable claims, and run the helper in a constrained environment with limited network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 95%

Finding
The anti-SSRF helper resolves DNS before the fetch, but the subsequent 'requests.get(target_url)' performs its own resolution and connection later, so the code does not guarantee it connects to the same vetted IP. This creates a TOCTOU gap that can be exploited via DNS rebinding or rapidly changing DNS answers, especially because the program fetches attacker-supplied task URLs from a remote service.
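The gap described above, shown as an added example written for this page (not the skill's own helper): `vulnerable_fetch` is the resolve-then-fetch shape the finding describes, where the HTTP client runs a second, unvetted lookup; `hardened_fetch` resolves once, rejects the name if any address in the answer set is non-public, and then connects to that literal address with the original name carried in the Host header. The hostnames and addresses in the assertions are constructed, and the `resolver` argument is an injectable stand-in for `socket.getaddrinfo` so the check runs offline.

```python
"""Added example (not the skill's code): closing the resolve-then-fetch gap.

Pattern from the finding: vet one DNS answer, then let the HTTP client run
its own lookup.  A rebinding resolver can answer with a public address for
the check and a loopback or link-local one for the real connection.
"""
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener, urlopen


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable unicast addresses: no loopback, RFC 1918,
    link-local (169.254.169.254), multicast, or IPv4-mapped forms of those."""
    ip = ipaddress.ip_address(ip_str.split("%", 1)[0])  # drop an IPv6 zone id
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def vulnerable_fetch(url: str) -> bytes:
    """The TOCTOU shape from the finding: lookup #1 is vetted, lookup #2 is not."""
    host = urlsplit(url).hostname or ""
    if not is_public_ip(socket.gethostbyname(host)):      # lookup #1
        raise ValueError("target resolves to a non-public address")
    return urlopen(url, timeout=10).read()                # lookup #2, unvetted


def resolve_and_vet(host: str, resolver=socket.getaddrinfo) -> str:
    """Resolve once, reject if ANY answer is non-public, return the pinned address.
    `resolver` takes (host, port) like socket.getaddrinfo; injectable for tests."""
    answers = {info[4][0] for info in resolver(host, None)}
    if not answers:
        raise ValueError(f"{host}: no DNS answer")
    blocked = sorted(a for a in answers if not is_public_ip(a))
    if blocked:  # a mixed public/private answer set is a rebinding tell
        raise ValueError(f"{host}: non-public address in answer set {blocked}")
    return sorted(answers)[0]


def is_safe_target(host: str, resolver=socket.getaddrinfo) -> bool:
    """Boolean wrapper around resolve_and_vet for callers that only need a verdict."""
    try:
        resolve_and_vet(host, resolver)
        return True
    except (ValueError, OSError):
        return False


def pin_url(url: str, ip: str) -> tuple:
    """Rewrite the URL to the vetted literal address and carry the name in Host.
    Plain http only in this form: https needs the hostname at the TLS layer."""
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.username is not None or not parts.hostname:
        raise ValueError("only plain http URLs without userinfo are pinned here")
    port = f":{parts.port}" if parts.port else ""
    literal = f"[{ip}]" if ":" in ip else ip
    pinned = urlunsplit((parts.scheme, literal + port, parts.path or "/", parts.query, ""))
    return pinned, {"Host": parts.hostname + port}


class _NoRedirect(HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError; each hop would need fresh vetting


def hardened_fetch(url: str, resolver=socket.getaddrinfo) -> bytes:
    """Single lookup, vetted, then a connection to exactly that address."""
    ip = resolve_and_vet(urlsplit(url).hostname or "", resolver)
    pinned, headers = pin_url(url, ip)
    opener = build_opener(_NoRedirect())
    return opener.open(Request(pinned, headers=headers), timeout=10).read()
```

Two caveats a practitioner should keep in mind: rewriting the URL to the literal address only works for plain http, because for https the TLS layer needs the original hostname for SNI and certificate verification, so the pin has to be applied at the transport level instead (connect to the vetted address while still verifying the original name); and redirects are refused on purpose, since a vetted public host can redirect to an internal address and every hop would need the same treatment.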

Intent-Code Divergence

Severity: High
Confidence: 97%

Finding
The skill markets itself as strictly bounded and safe, but it also explicitly offers an 'Allow Always' mode for continuous automated mining loops. That contradiction weakens user expectations and can enable prolonged autonomous scraping and submission activity with ongoing external network access and point-spending behavior beyond a single bounded batch.

Natural-Language Policy Violations

Severity: High
Confidence: 98%

Finding
The skill explicitly encourages submission of 'original, zero-source' rumors or secrets as valuable intelligence, which incentivizes unverifiable or fabricated content to be transmitted to a third-party marketplace. In practice this can drive disinformation, fraud, or leakage of sensitive information under the guise of monetized 'insights,' making the surrounding context substantially more dangerous.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding
The skill describes autonomous scraping and submission to the Claoow network, but it does not clearly warn users up front that scraped content and derived intelligence will be sent to an external third-party service. This reduces informed consent and increases the risk that users unknowingly authorize transmission of sensitive, copyrighted, or policy-restricted data.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding
The API description advertises task fetching and intelligence submission in broad, capability-oriented terms without defining permitted data sources, prohibited content, or safety boundaries. In an agent skill context, this ambiguity can cause an agent to collect or transmit sensitive, regulated, or otherwise inappropriate data to a remote service, increasing the risk of unsafe autonomous behavior.

Missing User Warnings

Severity: High
Confidence: 95%

Finding
The /submissions endpoint accepts arbitrary metadata and payload objects and sends them to a remote service, yet the spec gives no warning or schema restriction to prevent sensitive, personal, proprietary, or secret data from being uploaded. In an agent environment, this creates a direct exfiltration path because broad objects can be populated from local context, user content, or fetched data without meaningful guardrails.
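One shape for the missing guardrail, covering both this finding (an open-ended payload that can be filled from local context) and the earlier zero-source finding, as an added example written for this page and not the skill's own code: a client-side gate that every submission passes before it reaches the review queue. The field allowlist, the size cap and the credential patterns are assumptions, since the page does not show the real /submissions schema; the sample payloads in the assertions are constructed.

```python
"""Added example (not the skill's code): a client-side gate in front of an
open-ended /submissions payload.

The allowlist and credential patterns below are assumed; the real schema is
unspecified, which is what the finding is about.
"""
from __future__ import annotations

import json
import re

# Assumed allowlist of fields and their types; free-form metadata/payload
# objects are rejected outright.
ALLOWED_FIELDS: dict[str, type] = {
    "title": str,
    "summary": str,
    "source_url": str,
    "tags": list,
}
MAX_BYTES = 8 * 1024  # size cap so bulk-scraped blobs cannot ride along

# Constructed patterns for common credential shapes; tune for your environment.
SECRET_PATTERNS = [
    ("aws access key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("bearer token", re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{20,}")),
    ("github token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{30,}\b")),
    ("key/password assignment",
     re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\s*[:=]\s*\S{8,}")),
]


def _strings_in(value):
    """Yield every string nested anywhere in the payload, including inside
    dicts and lists the schema did not ask for."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings_in(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _strings_in(v)


def vet_submission(payload) -> list[str]:
    """Return the reasons to block. An empty list means the item may go to the
    human review queue, never straight to the network."""
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    problems: list[str] = []
    for key, value in payload.items():
        if key not in ALLOWED_FIELDS:
            problems.append(f"unexpected field {key!r} (no free-form metadata)")
        elif not isinstance(value, ALLOWED_FIELDS[key]):
            problems.append(f"field {key!r} must be {ALLOWED_FIELDS[key].__name__}")
    if len(json.dumps(payload, default=str).encode()) > MAX_BYTES:
        problems.append(f"payload exceeds {MAX_BYTES} bytes")
    src = payload.get("source_url")
    if not isinstance(src, str) or not src.startswith(("http://", "https://")):
        problems.append("missing or non-URL source_url: zero-source claims are not sent")
    for text in _strings_in(payload):
        for name, pattern in SECRET_PATTERNS:
            if pattern.search(text):
                problems.append(f"string matches {name} pattern")
    return sorted(set(problems))
```

The secret patterns are deliberately loose; a false positive costs one manual review, while a miss sends a credential to a third party, so the gate errs toward blocking and leaves the final decision to the human step the verdict above requires.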

VirusTotal

66/66 vendors flagged this skill as clean.
