Brand Frontend

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent landing-page generator, but it gives the agent too much automatic authority to install software and use a Stitch API key before clear approval.

Require the agent to ask before installing the Stitch SDK, prefer a project-local pinned install over a global latest install, and set STITCH_API_KEY yourself rather than pasting it into chat. Review .stitch/metadata.json, any saved files in .stitch/user-assets, and the final zip contents before sharing or deploying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill directs the agent to install software and perform external side effects before any explicit user confirmation, including SDK installation and auth verification. Even though these actions support the workflow, they exceed pure content generation and can modify the environment in ways the user may not expect, increasing risk from over-broad execution authority.

Context-Inappropriate Capability

Severity: Low
Confidence: 87%
Finding:
The skill instructs the agent to save user-attached files to local storage even though image ingestion is not part of the core Stitch API flow. Persisting attachments creates unnecessary data handling risk, especially if files contain sensitive or proprietary information and the user was not explicitly warned that local copies would be retained.

Context-Inappropriate Capability

Severity: Low
Confidence: 85%
Finding:
Creating archives via shell command introduces unnecessary command execution for a packaging task, expanding the skill's operational scope beyond design generation. If filenames or paths are not strictly controlled, this pattern can also become a command injection or unsafe file-operation surface.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill tells the agent to store user-provided files locally without a clear user-facing disclosure or consent step. This is a privacy and transparency issue because users may not expect uploaded branding assets or screenshots to be retained in workspace storage and bundled later.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
Automatically opening generated local HTML in the user's browser creates an undisclosed execution boundary crossing from file generation to content rendering. Since generated HTML may contain active content or unexpected external references, opening it without consent can expose the user to privacy leaks or unsafe browser behavior.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The skill performs zip archive creation without explicit user disclosure, causing filesystem changes and artifact generation that the user may not anticipate. While lower risk than code execution, silent packaging still violates transparency expectations around local side effects.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding:
The document explicitly instructs the agent to save project and design-system identifiers to `.stitch/metadata.json` without mentioning user consent, visibility, or workspace safety. Silent local file writes can create unexpected persistence, leak project metadata into the repo or working directory, and violate user expectations about what the skill is allowed to modify.

VirusTotal

64/64 vendors flagged this skill as clean.