Handwrytten

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Handwrytten integration that can send paid physical mail and manage account assets, so it is legitimate but should be used with explicit review before side-effecting actions.

Install only if you are comfortable letting an AI client act on your Handwrytten account. Use a dedicated or revocable API key if available, keep the key out of chat, and require a clear human confirmation step before paid sends, bulk sends, basket submission, gift cards/inserts, uploads, or any delete/update operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README promotes actions with real-world consequences—sending physical mail, uploading images, and deleting saved addresses/data—without clearly warning that these operations may incur charges, expose sensitive personal data, or irreversibly remove stored information. In an MCP/agent context, users may authorize tools through natural-language prompts and not realize that apparently simple requests can trigger paid, privacy-sensitive, or destructive operations.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill exposes state-changing operations like adding/updating/deleting address-book entries and placing physical mail orders without any built-in confirmation step, dry-run mode, or higher-friction approval for real-world effects. In an agent setting, prompt injection, misunderstanding, or ambiguous user instructions could cause unwanted mailings, PII changes, financial charges, or disclosure of sensitive recipient data to a third-party service.

Missing User Warnings

Medium
Confidence: 97%
Finding
Multiple destructive tools permanently delete QR codes, recipients, senders, uploaded images, custom cards, and basket contents immediately on invocation, with no confirmation token, soft-delete, or undo mechanism. In an autonomous or semi-autonomous agent workflow, a malicious prompt or simple model error could lead to irreversible account data loss and disruption of business operations.

VirusTotal

66/66 vendors flagged this skill as clean.
