ClawHub

IP Lookup Tool

Security checks across malware telemetry and agentic risk

Overview

This looks like a public IP/location lookup skill whose network calls are expected for its purpose, but users should understand that third-party services will see the request.

Install only if you are comfortable with public IP/location lookups being sent to third-party providers such as IP and geocoding services. This is normal for the feature, but it can reveal your network egress IP and approximate location to those providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to send the user's public IP lookup request to third-party geolocation services, which necessarily discloses the user's network egress IP and related metadata to external providers. In this context, the transmission is functionally required for the feature, but the skill does not warn the user, obtain consent, or document privacy implications, creating a real privacy and data-sharing risk rather than a purely theoretical issue.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends the host's public IP and related network metadata to multiple third-party services (ipinfo.io, ifconfig.co, ip.sb, and optionally Nominatim) without any user-facing notice or consent flow in the script itself. In a skill specifically designed to reveal public IP/location this behavior is functionally expected, but it still creates a real privacy exposure because invoking the skill necessarily discloses the user's network identity and approximate location to external providers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal