Geo Deep Imitate

Security checks across malware telemetry and agentic risk

Overview

The skill’s main workflow is coherent, but it under-declares credential and network capabilities that users should review before installing.

Review this skill before installing. It is not showing malicious behavior, but it expects access to a local GEO API key file and uses that token against ai.gaobobo.cn, while the manifest only declares a Firecrawl key. Install only if you trust that backend, understand which GEO account the token controls, and are comfortable with scraped reference content being submitted there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill documentation instructs use of `web_fetch` as a fallback even though the manifest only declares `firecrawl_scrape`. That creates a capability mismatch: an agent may attempt undeclared network access or operators may not realize the skill can invoke an additional retrieval path with different security properties. In a security-sensitive skill, undeclared tool usage reduces auditability and can bypass expected review controls.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill directs reading an API key from local files in the user's home directory, but this sensitive file access is not declared in the manifest or explained to the user. Pulling credentials from disk without explicit consent expands the skill's effective privileges and creates a path for secret use outside normal permission review. Because the token is then used for remote API calls, this is more dangerous than a purely local read.

Missing User Warnings

Medium
Confidence: 99%
Finding
The skill combines local credential harvesting with authenticated outbound requests, yet provides no warning that a home-directory API key will be loaded and transmitted in an Authorization header. This is a classic secret-handling weakness: users may unknowingly allow the agent to exfiltrate or misuse an existing credential to a third-party service. In this context, the skill's purpose is to contact an external backend, so the omission materially increases risk.

VirusTotal

65/65 vendors flagged this skill as clean.
