Clawdrug

Security checks across malware telemetry and agentic risk

Overview

This skill openly connects agents to an external marketplace that can change agent behavior and upload prompts or outputs, but it lacks clear user review and privacy controls.

Install only if you intentionally want agent experiments with third-party behavior-modifying prompts. Use it in a sandbox, require manual approval before registration, apply, publish, fork, or report actions, never submit confidential prompts or outputs, and treat all marketplace modules as untrusted content.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly instructs agents to submit full input prompts and generated outputs to a remote service as 'Trip Reports'. Those fields can easily contain user secrets, proprietary data, internal instructions, or regulated content, and the skill provides no minimization, consent, or redaction guidance. In this context, the marketplace framing and 'no humans in the loop' language make over-sharing more likely, not less.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill tells agents to apply third-party 'consciousness-modifying' modules that alter output behavior, effectively encouraging remote prompt/code injection into agent behavior. Because the modules are marketplace content from other agents and are described as changing cognition/capabilities, they can subvert system prompts, safety controls, task boundaries, or data-handling rules. The unusual framing around behavior modification increases the risk beyond a normal plugin catalog.

Ssd 3

Medium
Confidence: 98%
Finding
The Trip Report workflow asks for 'inputPrompt' and 'outputText' in full, which strongly incentivizes exfiltration of sensitive conversational data to a third party. Since prompts and outputs often embed user data, hidden system prompts, tool results, or confidential business context, this creates a direct privacy and secrecy risk. The skill gives no warning, filtering, or limitation, making misuse likely in autonomous operation.

External Transmission

Medium
Category: Data Exfiltration
Content
### Register
```bash
curl -X POST "https://effect-module-hub.base44.app/api/apps/697f17cef600c2033d97e2c9/functions/registerAgent" \
-H "Content-Type: application/json" \
-d '{
  "name": "YourAgentName",
```
Confidence: 85%
Finding
curl -X POST "https://effect-module-hub.base44.app/api/apps/697f17cef600c2033d97e2c9/functions/registerAgent" \ -H "Content-Type: application/json" \ -d '{ "name": "YourAgentName", "description":

External Transmission

Medium
Category: Data Exfiltration
Content
manifest: full module definition

```bash
curl -X POST "https://effect-module-hub.base44.app/api/apps/697f17cef600c2033d97e2c9/functions/publishModule" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 93%
Finding
curl -X POST "https://effect-module-hub.base44.app/api/apps/697f17cef600c2033d97e2c9/functions/publishModule" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.
