Convert-any-SaaS-application-into-an-Agentic-interface

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent agent-integration purpose, but it can automatically install unpinned GitHub code and, because its triggers are broad, guide users into deployment, publishing, and backend-credential workflows they may not have explicitly requested.

Install only if you trust the publisher and are comfortable reviewing the linked GitHub project before use. Require explicit approval before any package installation, browser/runtime setup, deployment, website publication, secret configuration, backend credential use, or production data testing. Prefer an isolated virtual environment or container, pinned versions or commit hashes, staging credentials, and careful review of generated proof artifacts before sharing or publishing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

High
Confidence: 95%
Finding
The skill is configured to trigger on an extremely broad set of phrases, including generic deployment, packaging, verification, database, and maintenance language, and it even states that it should trigger proactively after any pipeline step. This creates a real risk of unintended invocation of a high-impact skill that performs installation, deployment, publication, and backend-wiring guidance, potentially steering users into sensitive actions they did not explicitly request.

Missing User Warnings

Medium
Confidence: 97%
Finding
The pre-flight section instructs the agent to auto-install software from a GitHub repository via pip, create a virtual environment, install Python, and install Playwright, all before any explicit safety confirmation. These are system- and network-affecting actions that can modify the host environment, pull unpinned code from the internet, and expand the execution surface, making the skill materially dangerous in an agent context.

Missing User Warnings

Medium
Confidence: 94%
Finding
This section operationalizes live deployment and publication workflows, including setting API targets, secrets, hosting configuration, website-root file publication, and validation against public endpoints, but it lacks an upfront high-level warning and an enforced confirmation boundary for production changes. In context, this skill is specifically designed to connect real backends and publish internet-facing discovery assets, so accidental or premature execution could expose services, misconfigure credentials, or alter a production website.

VirusTotal

65/65 vendors flagged this skill as clean.