Lightcone Session

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud-computer control skill, but it needs review because it normalizes login, private page extraction, and shell-command use without clear safety boundaries.

Review carefully before installing. Use it only with accounts and sites you are comfortable exposing to a remote cloud computer, avoid entering real passwords or sensitive data unless explicitly intended, approve any private page extraction or debug command case by case, and close sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough to encourage activation for generic browser or desktop automation, including sensitive workflows such as logins and multi-step account interactions. Ambiguous triggers increase the chance the agent will invoke this skill in higher-risk contexts without explicit user confirmation or tighter policy checks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example explicitly walks through a login flow, password entry, and post-login page extraction without any warning about handling credentials, session data, or private content. In a tool that can see screenshots and extract HTML from authenticated pages, this normalizes access to sensitive information and could enable credential capture or exfiltration of private account data.

Missing User Warnings

Medium
Confidence: 97%
Finding
Documenting a `debug` action that runs arbitrary shell commands inside the cloud computer, without any safety constraints, creates a powerful code-execution primitive. Even if intended for troubleshooting, this expands the attack surface to command execution, data harvesting, persistence attempts, or bypass of browser-only restrictions.

VirusTotal

66/66 vendors flagged this skill as clean.
