Paragraph

Security checks across malware telemetry and agentic risk

Overview

This Paragraph skill is mostly purpose-aligned, but it gives an agent live publishing and subscriber-management authority with under-scoped file import and email side effects.

Install only where the agent has limited filesystem access and a revocable, least-privilege Paragraph API key. Require human review before publishing posts, importing subscriber CSVs, or sending welcome/newsletter emails, and only use subscriber data you are authorized to upload and contact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The README encourages bulk import of subscriber emails and wallet addresses, plus optional welcome-email sending, without a prominent privacy and consent warning. In an agent setting, this increases the chance that personal data is uploaded to a third-party service or used for outreach without verifying user authorization, consent, or applicable compliance requirements.

Missing User Warnings
Severity: Low
Confidence: 84%
Finding: The documentation exposes a tool that returns subscriber email and wallet data but does not clearly warn that the output contains sensitive personal information. In autonomous or semi-autonomous agent workflows, omission of that warning can lead to over-sharing in logs, summaries, or downstream tools.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The skill explicitly encourages bulk subscriber import, segmentation, and newsletter automation using email addresses and wallet-linked audience data, but it does not provide clear privacy, consent, data minimization, or retention warnings. In a tool designed for automated agent workflows, this omission increases the risk of unauthorized marketing, mishandling of personal data, and regulatory noncompliance, especially because wallet addresses can be linked to user identity and behavior.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The documentation states that posts are published onchain immediately, but it frames this mainly as an implementation detail and does not prominently warn users that publication may be effectively irreversible and publicly permanent. In an automated publishing skill, an agent or operator could unintentionally publish sensitive, incorrect, defamatory, or noncompliant content that cannot be meaningfully retracted once anchored onchain.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: This tool reads an arbitrary local file path and transmits its contents to a remote API, creating a clear local file exfiltration primitive if an agent or user can be induced to supply sensitive paths. In an agent environment with filesystem access, this is dangerous because secrets, credentials, or unrelated local data could be uploaded off-host without sufficient consent boundaries.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: This tool transmits personal contact data to an external service and may trigger outbound welcome emails by default, which can create privacy, consent, and unwanted messaging risks. In an agent context, a user may not realize that invoking the function both shares PII externally and causes side effects affecting third parties.
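The file-import and welcome-email findings above, together with the overview's advice to require human review before importing subscriber CSVs or sending mail, reduce to one control: wrap the tool so that the path is confined to an import directory, the rows are validated, outbound mail is off unless requested, and nothing is uploaded without a named approver. The following is an added example written for this page, not Paragraph's API or the skill's own code; the import root, the column names, the EVM-style wallet format, and the read/upload hooks are assumptions.

```python
"""Added example: a least-privilege guard around a hypothetical agent tool that
imports a subscriber CSV and may send welcome emails.  Not Paragraph's API or the
skill's implementation; paths, column names, wallet format and hooks are assumed."""
import csv
import io
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Optional

IMPORT_ROOT = Path("/srv/agent-imports")        # assumed: only directory the tool may read
MAX_ROWS = 5000                                  # assumed cap on one bulk import
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
WALLET_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")   # assumed EVM-style address format


class ImportRefused(Exception):
    """Raised when a request falls outside the import policy."""


def confine_path(user_path: str, root: Path = IMPORT_ROOT) -> Path:
    """Resolve '..' and symlinks, then require the result to stay under root.
    An absolute user_path replaces root on join, so '/etc/passwd', '../../.env'
    and symlinks escaping root all fail the is_relative_to check."""
    root = root.resolve()
    target = (root / user_path).resolve()
    if not target.is_relative_to(root):
        raise ImportRefused(f"refusing path outside {root}: {user_path}")
    if target.suffix.lower() != ".csv":
        raise ImportRefused(f"only .csv imports are allowed: {user_path}")
    return target


def path_allowed(user_path: str, root: Path = IMPORT_ROOT) -> bool:
    """Boolean form of confine_path for policy checks."""
    try:
        confine_path(user_path, root)
        return True
    except ImportRefused:
        return False


def redact(email: str) -> str:
    """Mask an address before it reaches logs or agent summaries."""
    local, _, domain = email.partition("@")
    return f"{local[:1]}***@{domain}"


@dataclass
class ImportPlan:
    subscribers: list = field(default_factory=list)  # validated rows ready to upload
    rejected: list = field(default_factory=list)     # CSV line numbers that failed


def validate_subscribers(csv_text: str) -> ImportPlan:
    """Accept exactly the expected columns and validate every value, so arbitrary
    file contents cannot ride along into the upload."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames is None or set(reader.fieldnames) != {"email", "wallet"}:
        raise ImportRefused(f"unexpected columns: {reader.fieldnames}")
    plan = ImportPlan()
    for line_no, row in enumerate(reader, start=2):          # line 1 is the header
        if len(plan.subscribers) + len(plan.rejected) >= MAX_ROWS:
            raise ImportRefused(f"import exceeds {MAX_ROWS} rows")
        email = (row.get("email") or "").strip().lower()
        wallet = (row.get("wallet") or "").strip()
        if not EMAIL_RE.match(email) or (wallet and not WALLET_RE.match(wallet)):
            plan.rejected.append(line_no)
            continue
        plan.subscribers.append({"email": email, "wallet": wallet or None})
    return plan


def import_subscribers(
    user_path: str,
    *,
    approved_by: Optional[str] = None,              # named human who approved this request
    send_welcome: bool = False,                     # opt-in; never the default
    read_text: Callable[[Path], str] = lambda p: p.read_text(encoding="utf-8"),
    upload: Optional[Callable[[list, bool], dict]] = None,  # hypothetical API client hook
) -> dict:
    """Tool entry point an agent would call.  Nothing leaves the host unless a
    human approved it, the file is under IMPORT_ROOT and its rows validate.
    The returned summary carries only redacted addresses."""
    if not approved_by:
        raise ImportRefused("bulk import requires explicit human approval")
    plan = validate_subscribers(read_text(confine_path(user_path)))
    receipt = upload(plan.subscribers, send_welcome) if upload else {"dry_run": True}
    return {
        "approved_by": approved_by,
        "imported": len(plan.subscribers),
        "rejected_lines": plan.rejected,
        "welcome_emails": send_welcome,
        "sample": [redact(s["email"]) for s in plan.subscribers[:3]],
        "receipt": receipt,
    }


# Constructed sample input: the second row has a malformed wallet and is dropped.
SAMPLE_CSV = "email,wallet\nalice@example.org,0x" + "ab" * 20 + "\nbob@example.org,0x1234\n"

if __name__ == "__main__":
    print(path_allowed("subs.csv"), path_allowed("/etc/passwd"), path_allowed("../../.env"))
    print(import_subscribers("subs.csv", approved_by="ops", read_text=lambda _p: SAMPLE_CSV))
```

The point of the design is that the agent never gets a raw "read any file and POST it" primitive: the path check runs on the resolved path (so symlinks and `..` are caught), the CSV schema check refuses anything that is not the expected two columns, the upload hook receives only validated rows, and the approval and welcome-email decisions are explicit keyword arguments the agent must be given rather than defaults it inherits.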

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal