ClawHub

URL Shortener CLI

Security checks across malware telemetry and agentic risk

Overview

This is a local URL-shortener CLI whose behavior matches its description, with ordinary caution needed for local data deletion and import commands.

Install if you are comfortable with a local CLI storing your shortened URLs in plain JSON. Avoid saving sensitive private URLs, export a backup before import or cleanup, use cleanup --dry-run first, and import only JSON files you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence
81% confidence
Finding
The documentation exposes destructive operations like `delete`, `import --overwrite`, and `cleanup` without prominently warning about irreversible data loss. In a CLI that persists state locally, users may accidentally remove or replace mappings, especially when scripting or following examples.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The import operation can merge or overwrite local mappings from an arbitrary file path with no preview, schema validation, backup, or confirmation. In a CLI context this can lead to silent corruption or destruction of trusted local data if a user imports an unexpected or maliciously crafted JSON file, especially with --overwrite.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The cleanup command performs bulk deletion based on user-supplied criteria without any confirmation, summary prompt, or safety interlock. This increases the risk of accidental data loss from mistyped thresholds or misunderstood semantics, and the local-data-management context makes destructive operations the primary security-relevant impact.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal