NVIDIA NIM Skill

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it disables HTTPS verification while sending your NVIDIA API key and prompts to NVIDIA, creating a real interception risk.

Install only after reviewing the HTTPS issue. This version should not be used with secrets, private source code, regulated data, or sensitive documents unless TLS verification is fixed. If used anyway, use a limited NVIDIA API key, avoid untrusted networks, and treat any prompt or file content sent through /nim as shared with an external provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'req' from os.getenv (line 44, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Confidence: 99%
Content (excerpt from the skill's script; indentation restored):
    try:
        # headers carry the NVIDIA_API_KEY read from the environment; data carries the prompt
        req = urllib.request.Request(url, data=json.dumps(data).encode(), headers=headers)
        # ctx is the SSL context that the overview reports has certificate verification disabled
        with urllib.request.urlopen(req, context=ctx) as response:
            result = json.loads(response.read().decode())
            return result['choices'][0]['message']['content']
    except Exception as e:
Finding: with urllib.request.urlopen(req, context=ctx) as response:

Undeclared Capabilities

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding: The skill clearly relies on environment access for NVIDIA_API_KEY and network access to send prompts to NVIDIA NIM, but neither capability is declared. Hidden or undeclared capabilities reduce reviewability and can cause agents or users to invoke a skill without understanding that secrets and prompt data may be transmitted externally.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README explicitly encourages users to send prompts, summaries, and even file contents to external NVIDIA NIM models, but it does not clearly warn that this transmits data to a third-party service. In an agent-skill context, users may assume processing remains local or within the main agent boundary, so the missing privacy and data-handling disclosure increases the risk of inadvertent exfiltration of sensitive code, secrets, or proprietary documents.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The suggested integration exposes a broad '/nim <model> <prompt>' command with no trigger constraints, safety boundaries, or guidance on appropriate use. In an agent setting, this can encourage sending arbitrary prompts, including sensitive workspace or user data, to an external model whenever the skill seems convenient.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The setup and usage text explain how to obtain an API key and call the script, but they do not clearly warn users that prompts will be sent to a third-party external API. Without an explicit user-facing disclosure, operators may unintentionally transmit confidential instructions, source code, or personal data off-platform.

VirusTotal

66/66 vendors flagged this skill as clean.