BYOCB ArbInjectionSkill

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent security-monitoring purpose, but it asks for persistent background operation and unpinned daily self-updates from GitHub/npm without clear user controls.

Install only if you trust and have reviewed the linked repository. Prefer pinning a known commit or release, disabling the daily auto-update schedule, running it in an isolated environment, limiting API keys, and confirming exactly when background monitoring and external alerts are allowed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly states it runs automatically in the background and monitors chains continuously, but it does not clearly define user consent, trigger boundaries, or how/when autonomous behavior should be enabled. In an agent setting, ambiguous background execution can cause unintended invocation, resource consumption, and unsanctioned actions such as monitoring and downstream alerting without an explicit user request.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs the agent to notify users through external messaging channels such as Telegram, WhatsApp, Signal, or Discord, but the description does not prominently warn that findings may be transmitted outside the current environment. This creates a real risk of data exfiltration, privacy violations, or unintended outbound communication if users have not explicitly consented to external messaging for potentially sensitive scan results.

VirusTotal

63/63 vendors flagged this skill as clean.
