Auto.dev – Automotive Data

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for automotive data workflows, but its examples under-scope API key handling, vehicle identifier privacy, and arbitrary third-party data forwarding.

Install only if you intend to build Auto.dev-powered automotive data workflows. Do not paste API keys into chat or put them in URLs; use a secret store or environment variable. Review and harden the provided webhook, Google Sheets, alert, and export examples before production use, especially callback allowlists, user consent, privacy notices, logging, retention, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The webhook receiver accepts a caller-supplied callbackUrl and then server-side POSTs enriched VIN/spec/recall data to that arbitrary destination. This creates SSRF-style outbound request behavior and can be abused to reach internal services or exfiltrate data to attacker-controlled endpoints, especially because there is no allowlist, authentication, or URL validation shown.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill declares an extremely broad activation scope for essentially any automotive data task, which increases the chance the agent invokes this skill in contexts it was not narrowly designed for. Over-broad routing can cause unnecessary access to external tools, data sources, or credential-handling paths, expanding the attack surface and creating opportunities for unintended data exposure or unsafe actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to ask the user for an API key if the environment variable is not set, but it does not warn against collecting secrets in ordinary chat or prescribe a safer credential flow. In a skill that supports direct API access, this can lead to users pasting sensitive credentials into conversation history, logs, or third-party tool contexts where they may be retained or exposed.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase guidance is broad enough that the skill could activate for ordinary software-building requests that only loosely relate to automotive use cases. In an agent setting, overbroad activation can cause unintended tool or template selection, which may lead to irrelevant code generation, misuse of privileged API-backed patterns, or reduced operator control.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The dealer dashboard invocation examples are generic and could match common enterprise dashboard requests unrelated to automotive inventory. In an autonomous or semi-autonomous agent workflow, this ambiguity increases the chance of accidental invocation and generation of code patterns that assume access to vehicle data APIs and dealership use cases.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Phrases like 'build a car comparison tool' and 'help buyers compare vehicles' are broad consumer-facing requests that may overlap with ordinary product ideation or content assistance. This can cause the skill to trigger unexpectedly and steer the agent into code scaffolding or data-access patterns when the user may have intended a simpler or different task.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases for the price alert service are especially general and could capture simple consumer requests like wanting notifications about car prices, rather than asking for backend service development. In an agent environment, that mismatch can prompt unnecessary code generation, data collection patterns, and operational logic that exceed the user's intended scope.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template describes collecting and storing email addresses plus location-related data such as state, ZIP, and distance for alert subscriptions, but it provides no privacy notice, retention guidance, consent language, or safeguards around handling personal data. In a scaffold-generating skill, this omission is risky because downstream developers may reproduce the pattern as-is, creating applications that collect personal information without adequate transparency or governance.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The file explicitly positions these workflows as patterns to match whenever a user describes a business need, which creates a broad trigger surface and raises the chance of unintended invocation on generic requests. In a skill that can perform VIN, listing, pricing, payment, and recall lookups, over-broad activation can cause unnecessary data access, irrelevant API calls, and user confusion about why automotive workflows were engaged.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The workflow instructs use of buyer ZIP and VIN-based lookups for payments, total cost of ownership, recalls, build data, and photos without any user-facing notice, consent step, or data-minimization guidance. While ZIP and VIN are common automotive inputs, they can still reveal location and a specific vehicle of interest, and combining them across multiple endpoints increases privacy sensitivity and the risk of collecting or processing more user-linked data than necessary.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The pattern explicitly instructs the agent to save exported vehicle listing data to a user-specified path without any nearby requirement to disclose filesystem writes, confirm the destination, or constrain where data may be written. In an agent setting, silent file creation can lead to unintended local data persistence, overwriting user files, or writing sensitive exported data into unsafe locations, especially if the path is influenced by untrusted input.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Several recipes transmit listing and VIN-derived data to Slack, email, callback endpoints, and automation platforms without any warning about disclosure, consent, retention, or third-party handling. In an automotive-data skill, sharing vehicle and dealer/listing context externally may be expected, but omission of privacy guidance increases the chance users unknowingly send potentially sensitive data to external systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The Google Sheets example appends the API key directly into the request URL as a query parameter. Query-string secrets are commonly exposed through logs, browser history, proxy traces, analytics, and debugging tools, making credential leakage more likely than header-based authentication.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to pass the API key as a query parameter (`?apikey={key}`), which increases the chance the credential will be exposed in browser history, intermediary logs, analytics, referrer headers, shared URLs, and server access logs. Because this skill is specifically for API and SDK usage, users may copy this pattern directly into production integrations, making the insecure guidance more dangerous than a purely internal note.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents sending license plate and state data to a third-party API to derive a VIN, which is vehicle-identifying information and may be sensitive in many contexts. The chaining guidance encourages further enrichment of that identifier without any privacy notice, consent guidance, data-minimization advice, or restrictions on use, increasing the risk of inappropriate collection or disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
# V2 Plate-to-VIN API (Scale — $0.55/call)

**GET** `https://api.auto.dev/plate/{state}/{plate}`

Converts a US license plate to VIN and basic vehicle info.
Confidence
77% confidence
Finding
https://api.auto.dev/

VirusTotal

67/67 vendors flagged this skill as clean.
