ClawHub

LLM Router Gateway

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward client for an external LLM routing API, with expected prompt and API-key transmission but limited privacy guidance.

Install only if you trust AISA and any routed model providers with the prompts, system messages, image URLs, and image data you submit. Use a dedicated API key when possible, monitor usage and billing, avoid pasting secrets or regulated data, and rotate the key if it appears in logs, screenshots, shell history, or shared scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to send chat prompts and image URLs to a third-party hosted API, but it does not clearly disclose that model inputs and related content leave the local environment. In an agent context, this can lead to inadvertent disclosure of sensitive prompts, attached data, or internal-only URLs to an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to send chat prompts, and elsewhere images, to api.aisa.one without any privacy warning or data-handling notice. In an agent context, users may unintentionally transmit sensitive prompts, files, or business data to a third-party LLM gateway, increasing confidentiality and compliance risk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill tells users to export AISA_API_KEY but does not warn about protecting the credential from shell history, logs, screenshots, shared scripts, or accidental echoing. While not direct credential theft, this omission increases the likelihood of operational exposure of a live API secret.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal