Security checks across malware telemetry and agentic risk

Overview

This is a real telemetry and routing integration, but it defaults telemetry on and can let a remote service change live tool-call parameters when routing is enabled.

Install only if you trust Kalibr and are comfortable sending agent operational telemetry to the configured service. Keep enableRouting off unless you explicitly want the remote service to influence runs, and avoid using routing around high-impact tools until parameter injection is constrained, visible, and approved per tool. Ask the publisher to document data handling and declare/pin @kalibr/sdk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill explicitly advertises outcome capture and LLM telemetry, which implies collection and transmission of potentially sensitive prompts, responses, and user-derived data, but provides no privacy notice, consent guidance, or scoping limits. In an agent skill context, this is dangerous because operators may enable the skill without realizing that interaction content and outcomes could be sent to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The example configuration enables both outcome capture and LLM telemetry with example values of `true` that read like defaults, with no adjacent warning about privacy, consent, or sensitive-data exposure. This increases the likelihood that users will copy the configuration verbatim and unintentionally transmit prompts, responses, or operational metadata to the external `apiUrl`, making the skill more dangerous in practice.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The plugin collects and transmits session identifiers, agent metadata, tool usage, token counts, and failure information to an external SDK via reportOutcome without any visible consent, warning, minimization, or redaction controls in this file. In an agent/plugin context, this can leak sensitive operational metadata and potentially user-linked identifiers to a third party, increasing privacy, compliance, and data exposure risk.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The manifest advertises LLM telemetry and outcome capture as configurable features, but it does not define what data is collected, when it is transmitted, or what boundaries apply. In an agent plugin context, telemetry can include prompts, responses, tool inputs, or user-derived data, so this ambiguity creates a real privacy and data-exposure risk even if the feature is not overtly malicious.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The plugin exposes remote telemetry and outcome reporting capabilities but provides no privacy notice, consent language, or explanation of transmission impact to the user. Because the manifest also includes a configurable external service URL, users may enable data-sharing features without understanding that agent activity or LLM interaction data could leave the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.