Civic

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Civic integration bridge, but it gives an agent broad token-backed access to connected services without built-in safety controls.

Install only if you trust the Civic endpoint and will use a least-privilege Civic profile. Before use, verify CIVIC_URL, protect and rotate CIVIC_TOKEN, inspect tool schemas, and require explicit user approval before any operation that sends messages, modifies files, writes or deletes records, runs SQL, or changes connected services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The instruction to use the skill whenever a user wants to interact with external services through Civic is overly broad and lacks clear guardrails for when the agent should invoke high-impact integrations. Because Civic can reach Gmail, databases, and other sensitive systems, vague activation criteria can cause the agent to over-trigger the skill and perform unintended data access or actions on connected services.

Missing User Warnings

Medium
Confidence: 90%
Finding
This runner is explicitly designed to invoke arbitrary remote Civic MCP tools, including tools that may mutate data, trigger external actions, or access sensitive integrations, but it provides no confirmation prompt, allowlist, dry-run mode, or safety warning before execution. In the context of a generic integration hub with 100+ tools, that omission increases the chance of accidental destructive operations or unintended data access by users or downstream agents.

VirusTotal

63/63 vendors flagged this skill as clean.