Siphonclaw Skill

Security checks across malware telemetry and agentic risk

Overview

SiphonClaw’s document-intelligence purpose is coherent, but it asks users to run unreviewed external code and process sensitive documents through persistent storage, cloud APIs, web fallback, and remote channels without enough scoping or data-handling disclosure.

Review the external GitHub repository and dependencies before running it. Use a test environment first, ingest only deliberately selected non-sensitive documents, avoid broad home/shared-drive paths, and do not enable cloud, Brave Search, Telegram, email, or SSE access until you understand authentication, provider data handling, retention, and deletion controls. Use dedicated low-privilege API keys rather than personal or production credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README prominently encourages ingestion of shared-drive documents, emails, Telegram, images, and web pages, and later describes cloud/API-backed processing, but it does not clearly warn users that sensitive data may be transmitted to third-party providers or retained in local/vector stores. In a document-intelligence system handling potentially confidential enterprise data, this omission can lead to accidental exposure of proprietary, personal, legal, or regulated information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly states that image identification can 'fall back to web search if local confidence is low' and that cloud APIs handle generation and reasoning, but it does not warn users that document text, OCR output, images, or metadata may be transmitted to third-party providers. In a document-intelligence pipeline handling PDFs, screenshots, and equipment photos, this omission can lead users to expose sensitive proprietary or personal data without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.
