ClawHub

CleanApp Report Submission

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward CleanApp report-submission tool, with privacy and dry-run controls, though users should understand it sends report data to an external service.

Install only if you intend to submit reports to CleanApp. Use dry-run first, avoid including precise location or media metadata unless needed, and store CLEANAPP_API_TOKEN through your platform's secret handling rather than pasting real tokens into reusable shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The README shows users exporting a live bearer token directly in the shell, but it does not warn that such secrets may be exposed through shell history, shared terminal recordings, process/environment inspection on multi-user systems, or accidental reuse in logs. This is not an active code exploit, but it is an insecure operational pattern that can lead to credential disclosure if users follow the example as written.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does state that it talks to CleanApp over HTTPS and lists the fields it submits, but it does not provide a clear, explicit user warning near usage that running ingest will transmit report content and optional location/media metadata to an external remote service. In an agent-skill context, this omission matters because users may execute commands assuming local processing, leading to unintended disclosure of sensitive text, location, or media-related metadata.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This script reads arbitrary input items and, unless run with --dry-run, posts them to a remote endpoint without any explicit interactive confirmation or strong user-facing warning at send time. Because the items may contain sensitive fields such as media and precise location unless optional flags are set, a user can unintentionally exfiltrate private data to the configured service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal