Paragraph Test

Security checks across malware telemetry and agentic risk

Overview

This is a real Paragraph.com integration, but it gives an agent powerful publishing and subscriber-management abilities with insufficient guardrails around irreversible public posting, email outreach, and local CSV uploads.

Install only if you want an agent to operate your Paragraph account. Require explicit human approval before creating posts, sending newsletters, adding subscribers, or importing CSVs; use a dedicated or least-privileged API key if available; keep PARAGRAPH_API_BASE_URL pointed at Paragraph or a trusted test endpoint; and only import CSV files that you have verified and have permission to process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding:
The subscriber-management documentation normalizes adding and importing contacts while defaulting `sendWelcomeEmail` to true, but it does not clearly warn that invoking these tools may immediately send email to third parties. In an agent context, this can lead to unintended mass outreach, privacy issues, or spam-like behavior if the agent imports contacts without explicit user confirmation.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding:
The documentation encourages adding and importing subscribers using email addresses and wallet data, but does not include any explicit privacy, consent, retention, or lawful-processing warning. In a skill that automates subscriber management, this omission can lead operators to upload personal data without validating consent or handling requirements, increasing the risk of privacy violations, compliance issues, and misuse of sensitive audience data.

Missing User Warnings
Severity: Medium
Confidence: 83%
Finding:
The skill promotes onchain publishing and suggests delete-and-recreate workflows for edits, but does not clearly warn that blockchain publication is effectively permanent and hard or impossible to fully reverse. Users may unknowingly publish sensitive, regulated, or erroneous content assuming it can be edited or removed later, which can cause lasting exposure and legal or reputational harm.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding:
The import tool accepts an arbitrary local file path, reads that file from the host filesystem, and exfiltrates its contents to a remote API as a CSV upload. In an agent context, if an attacker can influence csvPath, this becomes a local file read plus outbound data transfer primitive, which can expose sensitive files such as configs, keys, or user data.

VirusTotal

66/66 vendors flagged this skill as clean.