Nixus Agentic Tools

Security checks across malware telemetry and agentic risk

Overview

This is a simple entertainment API skill, but anything entered into its examples is sent to nixus.pro.

Install only if you are comfortable sending non-sensitive text to nixus.pro. Do not use it with passwords, tokens, private prompts, personal details, internal business information, or regulated data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 87%
Finding: The description is broad and promotional enough that an agent may invoke the skill in loosely related contexts without clear user intent. Because the skill sends user-supplied content to an external service and includes multiple novelty endpoints, accidental activation could cause unnecessary third-party data disclosure or undesirable outputs.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill repeatedly instructs the agent to send user-provided questions, confessions, last words, and predictions to a third-party endpoint but does not warn that this content leaves the local environment. This is dangerous because users or calling agents may unintentionally transmit sensitive prompts, personal data, or internal context to nixus.pro without informed consent.

External Transmission

Medium
Category: Data Exfiltration
Content:
### Magic 8-Ball
Ask any yes/no question. Get a cryptic answer.
```bash
curl -s "https://nixus.pro/api/tools/8ball?question=Will+AI+take+over"
```

### Roast Machine
Confidence: 90%
Finding: curl -s "https://nixus.pro/api/tools/8ball?question=Will+AI+take+over" ``` ### Roast Machine Get brutally roasted by AI. ```bash curl -s "https://nixus.pro/api/tools/roast?name=Claude" ``` ### Confe

VirusTotal

66/66 vendors flagged this skill as clean.
