Fact Checker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fact-checking skill, but it needs Review because it can send user content or extracted audio to third-party APIs, prints API keys while checking them, and can persistently change future agent routing.

Install only if you are comfortable with fact-check inputs, URLs, media metadata, extracted frames, and video audio potentially being processed by search providers or third-party APIs. Avoid confidential material unless you disable cloud/API paths, do not approve the AGENTS.md persistence prompt unless you want permanent automatic routing, and treat the API-key echo commands as something that should be fixed before use with real secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium (95% confidence)
The skill instructs the agent to append a persistent rule to AGENTS.md after a user agrees, which modifies long-lived behavior outside the immediate fact-checking task. This creates a cross-session persistence mechanism and broadens future automatic invocation of the skill, increasing the chance of unintended behavior changes or prompt-scope creep.

Missing User Warnings

Medium (92% confidence)
The README advertises web search, reverse image search, and metadata analysis, but it does not clearly warn users that submitted text, URLs, images, videos, or extracted metadata may be sent to external services or processed by optional third-party tools. In a fact-checking skill, users may provide sensitive or private material, so the missing disclosure can lead to unintended data exposure and privacy violations.

Vague Triggers

Medium (84% confidence)
The trigger condition includes very broad language such as users asking whether something is true, which overlaps with common everyday requests. Overbroad routing can cause the skill to activate in contexts beyond specialized fact-checking, giving this skill more control than intended and increasing exposure to its side effects, including the persistence behavior later in the file.

Vague Triggers

Medium (80% confidence)
The manifest description claims applicability to a very wide range of content types and verification tasks in any language, which encourages expansive activation scope. While not directly harmful on its own, this broad scope increases the chance of unnecessary or inappropriate invocation, especially when paired with automatic routing based on loose user phrasing.

Missing User Warnings

Medium (96% confidence)
The markdown directs writing to AGENTS.md to make future use of the skill permanent, but the warning to the user is not sufficiently explicit about modifying a persistent file and changing future agent behavior. Persistent file modification is a sensitive action unrelated to the immediate fact-check result and can surprise users or be abused to entrench routing preferences.

Missing User Warnings

Medium (96% confidence)
The pipeline sends extracted audio from a user-supplied video to the OpenAI Whisper API if an API key is present, but this file provides no user-facing notice or consent step. That creates a real data exfiltration/privacy risk because video-derived speech may contain sensitive personal, confidential, or regulated information.

VirusTotal

64/64 vendors flagged this skill as clean.
