ClawHub

Turnstile Spin

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims for Cloudflare Turnstile setup, but it handles powerful Cloudflare credentials and secrets in ways that deserve review before installation.

Install only if you intend to let the agent create Cloudflare Turnstile resources and deploy a Worker. Use a least-privilege, temporary Cloudflare token via an environment variable or protected local file rather than chat, review diffs before frontend edits, avoid putting sensitive values in Turnstile cdata, and rotate any token or Turnstile secret that may have appeared in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
79% confidence
Finding
Broad trigger phrases like "CAPTCHA" and "bot protection" can cause this high-impact skill to load in situations where the user did not intend full automation of Cloudflare setup and deployment. Because the skill performs credential handling, API calls, deployment, and file edits, accidental invocation materially raises the risk of overreach.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The phrase "protect this form" is extremely generic and overlaps with many unrelated requests such as validation, spam filtering, auth, or rate limiting. In this skill's context, an accidental match could start a workflow that scans the repo, requests credentials, creates Cloudflare resources, and proposes code changes beyond what the user intended.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script prints the newly created Turnstile secret directly to stdout in a success JSON object. Secrets written to stdout are easily exposed via terminal history, CI logs, agent transcripts, or downstream tooling, which can allow misuse of the Turnstile configuration and compromise server-side verification flows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The logger emits the raw `cdata_value` field into structured logs, which can persist user- or application-supplied metadata in Cloudflare Workers observability and downstream log pipelines. Because logs are often broadly accessible and retained longer than request data, this can leak sensitive or correlatable information if `cdata` contains identifiers, tokens, or other user data.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly permits users to paste a live Cloudflare API token into chat, which places a powerful credential into conversation logs and any downstream logging, retention, or review systems. Since the token is requested with edit scopes for Turnstile and Workers, compromise of that token could enable account changes and deployment of malicious scripts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal