Backboard.io

Security checks across malware telemetry and agentic risk

Overview

The skill's behaviour matches its stated Backboard.io purpose, but its local backend exposes powerful account actions on all network interfaces without any access controls of its own.

Review before installing. Run the backend bound only to 127.0.0.1, firewall port 5100, avoid Flask debug mode, use the least-privileged Backboard API key available, and only store memories or upload documents you are comfortable sending to Backboard for processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill supports persistent memory storage and document upload for RAG, but it does not warn users that submitted content may be retained, indexed, and reused across conversations. This is dangerous because users may provide sensitive files or personal information without understanding retention, scope, or deletion behavior.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes delete operations for assistants and memories without a clear warning or mandatory confirmation flow. Destructive actions can cause irreversible data loss, especially if the agent misinterprets user intent or is manipulated through ambiguous prompts.

Missing User Warnings

Medium
Confidence: 98%
Finding
The application starts Flask with debug=True while binding to 0.0.0.0, making the development server network-accessible. In debug mode, Flask/Werkzeug may expose an interactive debugger and detailed error information, which can enable remote code execution or sensitive information disclosure if reachable by an attacker.

Missing User Warnings

High
Confidence: 91%
Finding
This method accepts an arbitrary local file path and transmits that file to an external/local-backend service without any validation, allowlisting, or path restrictions in the wrapper. If an attacker can influence file_path through upstream routes or tool inputs, they could cause sensitive local files to be uploaded, turning this into a local file exfiltration primitive.

Missing User Warnings

High
Confidence: 91%
Finding
Like the assistant document upload path, this function forwards an arbitrary local file path to another service for upload with no validation in this layer. In a skill context that integrates external tools and threads, that creates a meaningful risk of unauthorized disclosure of host files if upstream inputs are attacker-controlled or insufficiently constrained.

VirusTotal

66/66 vendors flagged this skill as clean.