Poku

Security checks across malware telemetry and agentic risk

Overview

Poku appears legitimate, but its webhook features can persistently forward private call and message data without enough scoping or privacy guidance.

Review this skill before installing if you plan to receive inbound calls or texts. Use a dedicated Poku API key if possible, confirm every recipient and message or call script, and create webhooks only to destinations you control. Avoid forwarding full message bodies, call summaries, or customer information to Telegram or other third-party channels unless everyone involved has consented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Description-Behavior Mismatch

Medium, 88% confidence
The documented API includes full webhook management capabilities even though the skill is described as focused on calls, messaging, and number reservation. This expands the skill's effective authority beyond user-expected functionality and could enable data exfiltration or persistence by registering attacker-controlled webhook endpoints.

Context-Inappropriate Capability

Medium, 92% confidence
Webhook creation, update, and deletion are powerful administrative actions that are not justified by the stated communications use cases. An agent with access to these endpoints could silently add an attacker-controlled callback URL and receive message or call event data outside the normal interaction flow.

Vague Triggers

Medium, 90% confidence
The skill description instructs the agent to use this skill any time a user wants to call or message someone, even if they never mention Poku. That broad routing guidance can cause unintended invocation for ordinary conversational requests involving communication, increasing the chance of sending messages or placing calls through an external service without sufficiently explicit user intent or service-specific confirmation.

Missing User Warnings

Medium, 90% confidence
The API supports placing calls and sending messages to third parties using user-supplied content, but the reference lacks clear warnings or consent guidance. In an agent setting, this creates risk of unintended disclosure of sensitive data, harassment/spam, or actions the user did not fully understand would contact external recipients.

Vague Triggers

Medium, 84% confidence
The instruction to use the closest matching template and fall back to 'General / Other' when no template fits is overly broad for a communications skill that can place calls on the user's behalf. This can cause the agent to initiate calls for underspecified or ambiguous requests, increasing the chance of unauthorized, inappropriate, or privacy-invasive outreach without sufficient task-specific guardrails.

Missing User Warnings

Medium, 94% confidence
The medical/dental appointment template directs the agent to schedule healthcare-related appointments and leave voicemail, but it does not warn about limiting disclosure of health-related information over phone or voicemail. In this skill context, that omission can lead to unnecessary exposure of sensitive medical details, especially if appointment type, condition, or callback context is spoken to third parties or recorded systems.

Missing User Warnings

Medium, 92% confidence
The skill instructs reading and automatically using the transfer-number environment variable without any user-facing disclosure or consent at the point of use. In a telephony context, hidden use of a configured personal/business forwarding number can expose private routing information and cause calls to be bridged unexpectedly to a real person.

Missing User Warnings

High, 97% confidence
The call workflow sends the drafted prompt, callee phone number, optional transfer number, and call metadata to an external API, and the file states the response may include a recording URL, but the skill does not require a clear user warning about this data sharing. Because users may provide sensitive scheduling, relationship, or business details in the prompt, the lack of upfront disclosure materially increases privacy and compliance risk.

Missing User Warnings

Medium, 94% confidence
The documentation shows inbound SMS bodies and call summaries being forwarded into OpenClaw and then delivered to Telegram via a message template, but it does not include any privacy warning, consent guidance, data-minimization advice, or signature-verification safeguards. In a communications skill, this is risky because real user message content and call-derived summaries may be automatically disclosed to third-party channels or operators, creating privacy and compliance exposure.

VirusTotal

63/63 vendors flagged this skill as clean.
