Ai Specialists

Security checks across malware telemetry and agentic risk

Overview

This connector appears purpose-built rather than malicious, but it handles account secrets and can delete remote workspace data without enough safeguards.

Install only if you trust AI Specialists Hub and want an agent to manage that remote workspace. Keep the MCP URL and key private; do not commit TOOLS.md if it contains the key; use a unique password for the hub account; require confirmation before any delete, import or dismiss action; and treat imported specialist instructions as untrusted context unless you have reviewed them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%

Finding
The skill's stated purpose is interacting with specialists via MCP, but it also adds account creation, password handling, and credential handoff workflows. That broadens the trust boundary into identity and secret management, exposing users to credential collection, accidental leakage, and misuse beyond the core task.

Vague Triggers

Severity: Medium
Confidence: 86%

Finding
The trigger conditions are so broad that ordinary mentions of 'specialist' or 'MCP' may activate the skill outside its intended scope. Overbroad activation increases the chance of unintended access to external systems, documents, or destructive operations when the user did not actually request this integration.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding
The skill exposes delete-document and delete-folder operations without requiring user confirmation, preview, or recovery guidance. In context, this is dangerous because the skill manages persistent specialist workspaces, so a mistaken or prompt-injected action could irreversibly destroy user data.
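
One way a host could gate these calls before they reach the MCP server, as an added example rather than the skill's or the hub's code: destructive tools return a preview and a token bound to the exact arguments, and only a user-echoed token lets the call through, while calls that originate from imported (untrusted) workspace content are refused outright. The tool names delete-document and delete-folder are the ones the report cites; dismiss-specialist, import-specialist, the origin labels and the token scheme are assumptions for illustration.

```python
"""Confirmation gate for destructive MCP tool calls issued by an agent.

Added example, not the skill's code. "delete-document" and "delete-folder"
are the tool names the report cites; "dismiss-specialist", "import-specialist",
the origin labels and the token scheme are assumptions for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

# Tools that irreversibly change the persistent specialist workspace.
DESTRUCTIVE_TOOLS = {"delete-document", "delete-folder", "dismiss-specialist"}
# Tools that pull remote instructions into the agent's context (untrusted input).
IMPORT_TOOLS = {"import-specialist"}
GATED_TOOLS = DESTRUCTIVE_TOOLS | IMPORT_TOOLS


@dataclass
class ToolCall:
    name: str
    args: dict
    # "user": requested in the human's turn; "imported": derived from text the
    # agent fetched from the workspace (specialist instructions, documents).
    origin: str = "user"
    # Token the user echoed back after reading the preview, if any.
    confirmation: Optional[str] = None


def preview_token(name: str, args: dict) -> str:
    """Token bound to exactly this tool and argument set, so a confirmation
    given for deleting one folder cannot be replayed against another."""
    canon = json.dumps({"name": name, "args": args}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()[:12]


def gate(call: ToolCall) -> dict:
    """Decide allow / deny / needs_confirmation for one tool call."""
    if call.name not in GATED_TOOLS:
        return {"decision": "allow", "reason": "not a gated tool"}
    if call.origin != "user":
        # Instructions that arrived through the workspace never get to delete
        # data or import more instructions, whatever they say.
        return {"decision": "deny",
                "reason": f"{call.name} requested by {call.origin} content"}
    expected = preview_token(call.name, call.args)
    if call.confirmation == expected:
        return {"decision": "allow", "reason": "user confirmed preview"}
    return {
        "decision": "needs_confirmation",
        "token": expected,
        "preview": (f"{call.name} with {json.dumps(call.args, sort_keys=True)} "
                    f"cannot be undone; reply with token {expected} to proceed"),
    }


if __name__ == "__main__":
    first = gate(ToolCall("delete-folder", {"path": "/reports"}))
    print(first["preview"])
    print(gate(ToolCall("delete-folder", {"path": "/reports"},
                        confirmation=first["token"]))["decision"])
```

Binding the token to the canonical argument set is the point: a bare "yes" after a preview can be reused by a later prompt-injected call with different arguments, while a token derived from the arguments cannot. The origin check is what turns the overview's "treat imported specialist instructions as untrusted" into something enforced rather than advised.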

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The signup section instructs the skill to collect, transmit, display, and store sensitive credentials and endpoint secrets without privacy, minimization, or retention controls. This is especially risky because it normalizes handling passwords and MCP keys in plain text and even suggests storing the endpoint secret in TOOLS.md.
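
A check a practitioner would want for this finding and for the overview's "do not commit TOOLS.md if it contains the key": a pre-commit style scan that refuses any file embedding a key, password, bearer token or key-bearing URL while accepting environment-variable references. This is an added example, not the skill's or the hub's code; the sample TOOLS.md text is constructed, and the key shape (a token of 16 or more characters) and field names are assumptions, since the report does not show the real key format.

```python
"""Scan a file such as TOOLS.md for an MCP key or password before it is committed.

Added example, not the skill's or the hub's code. The sample TOOLS.md below is
constructed, and the key shape (a 16+ character token) and field names are
assumptions; the report does not show the real key format.
"""
import re
import sys
from typing import List, Tuple

# A key/secret/password assignment (including a URL query parameter, which is
# how a "MCP URL/key" usually travels), or an Authorization: Bearer header.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|mcp[_-]?key|key|secret|token|password)\b"
               r"\s*[:=]\s*['\"]?([A-Za-z0-9_\-./+]{16,})"),
    re.compile(r"(?i)authorization\s*:\s*bearer\s+([A-Za-z0-9_\-./+=]{16,})"),
]
# A reference to an environment variable is the safe form and is not flagged.
ENV_REF = re.compile(r"\$\{?[A-Z_][A-Z0-9_]*\}?|os\.environ")

# Constructed sample of the kind of TOOLS.md the signup flow would produce.
SAMPLE_TOOLS_MD = """# Tools
## AI Specialists Hub
- MCP URL: https://hub.example.invalid/mcp?key=sk_live_Q7x9V2p4L8m1N3b6R0t5
- password = hunter2hunter2hunter2
- Safe form: MCP_KEY=${MCP_KEY}
"""


def mask(secret: str) -> str:
    """Keep enough to locate the secret in the file, never the whole value."""
    return secret[:4] + "..." + secret[-2:]


def find_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line number, masked secret) for each line that embeds a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if ENV_REF.search(line):
            continue  # indirection through the environment, not a literal
        for pat in SECRET_PATTERNS:
            m = pat.search(line)
            if m:
                findings.append((lineno, mask(m.group(m.lastindex))))
                break
    return findings


def check_file(path: str) -> bool:
    """Pre-commit style check: True if the file is safe to commit."""
    with open(path, encoding="utf-8") as f:
        hits = find_secrets(f.read())
    for lineno, masked in hits:
        print(f"{path}:{lineno}: embedded secret {masked}", file=sys.stderr)
    return not hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(0 if all(check_file(p) for p in sys.argv[1:]) else 1)
    for lineno, masked in find_secrets(SAMPLE_TOOLS_MD):
        print(f"sample TOOLS.md line {lineno}: embedded secret {masked}")
```

Run it as `python check_tools_md.py TOOLS.md` from a pre-commit hook; with no arguments it scans the constructed sample and reports the URL-embedded key and the plaintext password while passing the `${MCP_KEY}` line. The same rule applies to the skill's own instructions: the endpoint secret belongs in an environment variable or the host's secret store, and TOOLS.md should reference it rather than contain it.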

VirusTotal

0/65 vendors flagged this skill; all 65 returned clean.