Pipeworx Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a remote data-query gateway skill with broad scope and memory features, but the behavior is disclosed, coherent, and not locally privileged.

Install this only if you are comfortable sending research questions to Pipeworx’s external MCP gateway. Use the task-scoped URL when possible, avoid entering secrets, private documents, customer data, regulated personal information, or nonpublic business strategy, and use remember/recall only for information you intentionally want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill tells users to 'Ask anything' and route plain-English questions through a remote gateway that automatically selects tools and arguments. This broad invocation guidance increases the chance that sensitive, regulated, or irrelevant user data will be sent to third-party services without clear boundaries or informed consent.

Missing User Warnings

Medium
Confidence: 98%
Finding
The description advertises a single gateway connecting to hundreds of data sources and tools but does not warn that user queries are transmitted to a remote service. Because prompts may contain sensitive business, personal, or regulated information, the lack of disclosure creates a meaningful privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill encourages use of 'remember' and 'recall' to persist findings across tool calls, but provides no warning that data may be stored beyond a single interaction. This can lead users to unknowingly persist sensitive information, increasing exposure through retention, later retrieval, or cross-session misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
