ClawHub

Pine Assistant

Security checks across malware telemetry and agentic risk

Overview

This Pine assistant is coherent and disclosed, but it needs Review because it can act on sensitive accounts and includes broad session lookup, raw event relay, and force-delete guidance.

Install only if you are comfortable delegating real customer-service and account tasks to Pine. Use narrow instructions, avoid sharing unnecessary PINs or account details, review payments and destructive actions yourself, and remove or revoke Pine credentials when you no longer need the integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill broadly instructs the agent to treat many ordinary references such as company names, accounts, refunds, bookings, or vague follow-up questions as triggers to inspect Pine sessions. In a multi-session assistant handling sensitive customer-service tasks, this can cause over-activation and retrieval of unrelated prior-session data, increasing the risk of privacy leakage and cross-task confusion.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented deletion commands include forceful destructive operations without requiring confirmation, warning language, or guidance about verifying the correct session first. In an autonomous agent context, this increases the chance of accidental irreversible deletion of user task history or active sessions.

Ssd 3

Medium
Confidence
94% confidence
Finding
The instruction to relay full billing details and other session content to the user without minimization can expose sensitive data returned by Pine, including financial amounts, payment URLs, account context, or content from previously resumed sessions. Because this skill explicitly works with billing disputes, reservations, and account issues, the data handled is likely to be highly sensitive.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly says to always relay raw unknown-event content to the user, even though unknown events may contain secrets, tokens, internal metadata, prior-session context, or other sensitive tool output. Treating unrecognized content as safe-by-default is dangerous, especially in a system that processes authentication, billing, and customer account workflows.

Ssd 3

Low
Confidence
81% confidence
Finding
Encouraging collection of extensive sensitive details upfront increases the amount of personal and account information unnecessarily gathered and retained in session history. While intended to reduce back-and-forth, this expands the blast radius if session content is later exposed, misrouted, or reused across tasks.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal