Security audit

Automated Workflow Engine (自动化工作流引擎)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a broad automation workflow skill, but it asks for powerful file, network, email, database, webhook, and daemon-style behavior without enough scope or safety detail.

Review carefully before installing. Only use it with known and reviewed workflow code, restricted file paths, trusted webhook or queue sources, limited email/database credentials, and pinned patched dependencies. Avoid daemon mode until you know how it is stopped and what workflows it can trigger.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises capabilities for HTTP requests, file operations, email, and database access without any warning about data handling, privacy implications, or system-side effects. In an automation engine, these capabilities can move data off-host, modify files, and trigger external actions automatically, so lack of disclosure materially increases the risk of unsafe or uninformed use.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"keywords": ["workflow", "automation", "cron", "scheduler"],
  "license": "MIT",
  "dependencies": {
    "node-cron": "^3.0.3",
    "chokidar": "^3.5.3",
    "axios": "^1.6.0",
    "nodemailer": "^6.9.7"
Confidence
83% confidence
Finding
"node-cron": "^3.0.3"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "node-cron": "^3.0.3",
    "chokidar": "^3.5.3",
    "axios": "^1.6.0",
    "nodemailer": "^6.9.7"
  }
Confidence
83% confidence
Finding
"chokidar": "^3.5.3"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "node-cron": "^3.0.3",
    "chokidar": "^3.5.3",
    "axios": "^1.6.0",
    "nodemailer": "^6.9.7"
  }
}
Confidence
97% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"node-cron": "^3.0.3",
    "chokidar": "^3.5.3",
    "axios": "^1.6.0",
    "nodemailer": "^6.9.7"
  }
}
Confidence
96% confidence
Finding
"nodemailer": "^6.9.7"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
axios==1.6.0

Known Vulnerable Dependency: nodemailer==6.9.7 — 5 advisory(ies): GHSA-9h6g-pr28-7cqp (nodemailer ReDoS when trying to send a specially crafted email); GHSA-c7w3-x93f-qmm8 (Nodemailer has SMTP command injection due to unsanitized `envelope.size` paramet); CVE-2025-13033 (Nodemailer: Email to an unintended domain can occur due to Interpretation Confli) +2 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
nodemailer==6.9.7

VirusTotal

65/65 vendors flagged this skill as clean.
