Relay To Agent

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but its session name handling can read or write JSON files outside the advertised local session cache.

Install only if you are comfortable sending prompts and retained session history to the configured AI endpoint. Avoid secrets or regulated data, use trusted API keys and base URLs, and do not use custom session IDs containing path characters until the maintainer constrains session files to the advertised cache directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly relays user prompts to third-party OpenAI-compatible endpoints and later documents that sessions are cached locally, but the description does not warn users that their prompts and conversation history may leave the local environment and be stored on disk. This omission can cause users to send sensitive data under the false assumption that the tool is purely local or ephemeral, increasing privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The script persists full conversation transcripts under the user's home directory without any disclosure, consent prompt, retention notice, or file-permission hardening. Because relayed messages may contain prompts, secrets, or sensitive business data, silent local storage increases the risk of unintended disclosure through other local users, backups, malware, or shared environments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The tool sends the user's message plus prior session history to a configured remote API endpoint, but it does not provide an explicit warning at send time about what data leaves the local machine. In this skill's context, the endpoint is configurable via environment/config and may be third-party or self-hosted, so users could unknowingly transmit sensitive prompts, credentials, or prior conversation context to an untrusted service.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```json
{
  "baseUrl": "https://api.example.com/v1",
  "agents": [
    {
      "id": "my-agent",
```
Confidence: 88%
Finding: https://api.example.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```json
{
  "baseUrl": "https://api.connectchat.ai/api",
  "agents": [
    {
      "id": "connect-flow-ai",
```
Confidence: 89%
Finding: https://api.connectchat.ai/

VirusTotal

66/66 vendors flagged this skill as clean.