NEXUS Data Transform

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote paid AI data-conversion service, but it can send user data and payment proof to NEXUS without clear per-request controls.

Install only if you deliberately want a hosted NEXUS paid AI conversion service. Avoid secrets, regulated data, private datasets, and sensitive business records unless you trust the provider and its retention claims, and configure your agent to ask before any remote paid request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding: The README presents the skill as a simple local data-format converter, but the documented behavior routes user input to a paid external HTTP service. That mismatch can mislead operators and users into sending potentially sensitive data off-host and into engaging with a monetized third-party platform they did not expect.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding: Embedding payment-processing, HTTP 402 negotiation, and multi-chain payment details in a data transformation skill is unjustified by the stated purpose and expands the trust and attack surface. Users may unknowingly authorize payments or expose billing credentials for a task that should ordinarily be offline and low risk.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The skill is marketed as a simple data format converter, but its documentation states that arbitrary user input is sent to a remote AI service for server-side LLM processing. This creates a significant data-handling and capability-mismatch risk because users may provide sensitive content expecting deterministic local transformation, while the skill actually performs broad third-party processing and transmission.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding: Using remote LLMs for a task advertised as simple JSON/CSV/XML/YAML conversion is unnecessary and expands the attack surface without clear justification. It increases risks of data exfiltration, nondeterministic transformations, prompt injection handling issues, and unexpected processing of sensitive input by third-party models.

Vague Triggers

Medium
Confidence: 84%
Finding: Saying the skill is 'automatically invoked' without defining trigger constraints creates a risk that routine transformation requests will silently use this remote service. In agent environments, ambiguous invocation rules can cause unreviewed data egress, surprise charges, or activation in contexts where external access is inappropriate.

Missing User Warnings

Medium
Confidence: 95%
Finding: The README documents direct API usage that sends user-provided input to an external host but does not warn about data leaving the local environment. This omission is dangerous because users may submit confidential documents, secrets, or regulated data under the assumption that a format conversion skill operates locally.

Vague Triggers

Medium
Confidence: 88%
Finding: The invocation description and input field are broad enough to accept general text or queries rather than narrowly scoped format-conversion requests. In combination with the remote AI backend, this broad matching can cause the skill to be selected for unrelated tasks and route arbitrary user data to an external service under the guise of conversion.

VirusTotal

VirusTotal findings are pending for this skill version.