Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill appears coherent and not malicious, but it needs review because it encourages sensitive document processing, cloud model use, local output persistence, and a remote shell installer without enough safety guidance.

Review before installing or using with private, medical, legal, or regulated documents. Use de-identified sample data unless you have approval for the selected model provider, keep API keys out of committed files and logs, avoid printing secrets, verify any remote installer before running it, and store or delete JSONL/HTML outputs according to your retention rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill instructs the agent to configure API keys, process document URLs, and save JSONL/HTML outputs without warning that input content may be sent to external model providers and that artifacts will be written locally. In an agent setting, this can lead to unintended disclosure of sensitive text to third-party APIs or unsafe persistence of extracted data on disk, especially for medical or legal documents explicitly mentioned by the skill.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The guide tells users to export API keys and append them to a .env file, but it does not warn that these are sensitive secrets that must not be committed, shared, or left with weak file permissions. In documentation for developer tools, this can lead to accidental credential exposure through source control, notebook sharing, or leaked environment dumps.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The instructions pipe a remotely fetched script directly into sh, which executes unreviewed code from the network immediately. If the remote host, transport, DNS, or distribution path is compromised, users could run arbitrary commands on their machine with the privileges of the shell.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The guide includes a clinical-notes extraction example and then demonstrates saving results to JSONL and generating shareable HTML output, but it does not warn that these artifacts may contain protected health information or other sensitive personal data. In a quickstart, users often copy examples directly into real workflows, so omission of privacy and retention guidance can lead to accidental local disclosure, sharing, or persistence of regulated data.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The URL example states that LangExtract can directly process online document URLs and shows passing a URL to `lx.extract()` without warning that this causes remote fetching/downloading of external content. That can surprise users and create SSRF-like or privacy-sensitive behavior in environments where outbound requests, internal URLs, or untrusted content retrieval should be controlled.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The guide instructs users to save extracted results and generated visualizations to local files without warning that outputs may contain sensitive source text, extracted entities, or derived metadata. In a data-extraction library context, this increases the risk of unintentionally persisting confidential information to disk, where it may be retained, backed up, or exposed to other local users/processes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The example processes a remote document URL with a cloud model and does not warn that document contents may be fetched from third-party servers and transmitted to an external LLM provider. In an extraction workflow, users may apply the same pattern to private documents and unknowingly send sensitive content off-device, creating confidentiality and compliance risks.

External Script Fetching

Severity: High
Category: Supply Chain
Content:
```bash
# Install and start Ollama first
curl -fsSL https://ollama.com/install.sh | sh
ollama serve

# Download a model (choose one)
```
Confidence: 99%
Finding: `curl -fsSL https://ollama.com/install.sh | sh`

Chaining Abuse

Severity: High
Category: Tool Misuse
Content:
```bash
# Install and start Ollama first
curl -fsSL https://ollama.com/install.sh | sh
ollama serve

# Download a model (choose one)
```
Confidence: 99%
Finding: `| sh`

VirusTotal

67/67 vendors flagged this skill as clean.