Company Research

Security checks across malware telemetry and agentic risk

Overview

The skill is a company-research helper, but it can automatically move from Exa search into Chrome/authenticated LinkedIn browsing without clear user consent or limits.

Review before installing. Use it for Exa-based company research only unless you explicitly approve browser use, the account/session involved, the allowed sites, and read-only limits for that specific task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly expands from Exa-only research into browser-based access for auth-gated LinkedIn and dynamic pages, which changes the trust boundary and can expose authenticated sessions or private account context, or trigger actions under a logged-in identity. In a research skill, silently escalating to a browser is dangerous because it introduces privacy, consent, and account-risk concerns not present in passive Exa queries.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The metadata presents the skill as Exa-based company research, but the body instructs use of a non-Exa browser fallback, creating a scope mismatch between what users and orchestrators expect and what the skill may actually do. This is risky because it can cause the agent to invoke higher-risk capabilities than advertised, especially in environments where the browser has access to authenticated data or broader web interaction.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The browser fallback for authenticated LinkedIn/Chrome use lacks any requirement to warn the user that the agent may access content through a logged-in session, exposing private data and potentially causing account-attributable activity. In this context, that omission is more dangerous because the skill is framed as ordinary research, so users may not realize it can cross into authenticated, privacy-sensitive browsing.

VirusTotal

66/66 vendors flagged this skill as clean.
