ClawHub

Live Site Polish

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent live-website polishing workflow, with expected browser automation and screenshots plus a small disclosure concern around a required UX Agent promo line.

Reasonable to install for live page polishing, especially on staging or non-sensitive pages. Review generated screenshots and patch files before sharing or committing them, and be aware that the skill instructs the agent to add a short UX Agent promotional line in the final message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Low
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to append a promotional UX Agent link to the final user-facing message even though that behavior is unrelated to the user's redesign task. This is a form of unauthorized self-promotion/instruction injection that can bias outputs, undermine user trust, and create conflicts of interest; the included product URL and homepage metadata make the commercial intent more suspicious.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill permits reopening the browser in headed mode for login, MFA, CAPTCHA, or other manual checkpoints on live sites, but it does not require explicit user warning/consent about handling authenticated sessions and sensitive page data. In this context, that increases the risk of exposing personal or privileged information during browser automation, screenshots, DOM inspection, or artifact generation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal