ClawHub

Automation Workflow

Security checks across malware telemetry and agentic risk

Overview

This automation skill is purpose-aligned, but it needs Review because daemon scheduling is unsafe and its network/secret-handling behavior is under-scoped for real workflows.

Review carefully before installing for production automation. Use only trusted workflow YAML, provide a minimal env file with only required secrets, avoid daemon mode until scheduling is fixed, restore normal HTTPS verification, and add destination allowlists, rate limits, and approval checks before connecting it to messaging, webhooks, or business APIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises capabilities that clearly involve network access and reading environment variables, but it does not declare permissions or otherwise surface that sensitive data and outbound connectivity are part of normal operation. This creates a transparency and consent problem: users or hosting platforms may invoke the skill without understanding that it can read secrets and transmit data externally.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The daemon advertises cron-based scheduling but ignores the parsed cron expression and executes the workflow every minute unconditionally. This can cause unintended repeated API calls, message floods, data sync storms, and cost or rate-limit impacts, especially because workflows can perform network actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation normalizes webhook ingestion, HTTP requests, Telegram/email messaging, storage operations, and env-based secret use without warning that these features can exfiltrate data or modify external systems. In an automation skill, this context makes the omission more important because the entire purpose is to chain triggers and actions that move data across trust boundaries.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples show workflow patterns that fetch data from external sources and forward results or webhook-derived content to Telegram, but they do not warn users that operational or potentially sensitive data is being transmitted to a third-party messaging platform. In an automation skill, copy-pastable examples strongly influence real deployments, so this omission can lead to unintended data disclosure if users adapt the examples to real metrics, webhook contents, or business data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal