POLICY-MANAGER

Security checks across malware telemetry and agentic risk

Overview

This insurance policy skill fits its stated workflow, but it needs review because it stores highly sensitive personal and payment-related data with weak scoping and under-disclosed network behavior.

Install only in a controlled insurance-processing environment. Before using real identity documents or bank-card data:
  • Protect the policies directory (restrictive file permissions, no shared or world-readable storage).
  • Validate task numbers before use.
  • Restrict the update types the skill may apply.
  • Disable POLICY_API_URL, or tightly allowlist the origins it may point to, and require HTTPS.
  • Add consent, retention/deletion, redaction, and access-control procedures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is designed to collect and update insurance policy records containing highly sensitive personal data, including identity numbers, addresses, and other applicant details, yet it provides no explicit privacy notice, consent requirement, retention policy, or handling constraints. In this context, the omission is dangerous because the skill normalizes large-scale PII processing and storage without informing users of the sensitivity or required safeguards.

Missing User Warnings

High
Confidence: 98%
Finding
The examples explicitly instruct processing and storing identity document data and bank card information, which significantly raises the risk of privacy harm, fraud, and regulatory noncompliance if mishandled. Because the skill presents these operations as routine without any warning, masking guidance, or secure-handling requirements, it increases the chance that downstream agents or operators will expose or over-collect sensitive personal and financial information.
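The finding above asks for masking guidance that the skill does not provide. The following is an added example, not code from the POLICY-MANAGER skill, showing one way to redact bank-card and identity-document numbers before a record is logged, written to the policies directory, or passed to another agent. The field names (cardNumber, idNumber, passportNumber, iban) and the sample record are assumptions chosen for the illustration; map them to the skill's real schema.

```python
"""Added example (not part of the POLICY-MANAGER skill): redact bank-card
numbers and identity-document numbers before a record is persisted, logged,
or handed to a downstream agent.

Assumptions (not from the page): records are plain dicts; the field names
in SENSITIVE_FIELDS are hypothetical placeholders for the skill's schema.
"""
import re

# Hypothetical field names that must never be stored or logged in clear text.
SENSITIVE_FIELDS = {"cardNumber", "idNumber", "passportNumber", "iban"}

# Candidate payment-card number: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used by payment-card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_number(value: str, keep_last: int = 4) -> str:
    """Keep only the last `keep_last` digits; all other digits become '*'."""
    digits = re.sub(r"\D", "", value)
    if len(digits) <= keep_last:
        return "*" * len(digits)
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


def redact_text(text: str) -> str:
    """Mask every Luhn-valid card-like number embedded in free text (notes, comments)."""
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        return mask_number(digits) if luhn_ok(digits) else m.group(0)
    return CARD_RE.sub(_sub, text)


def redact_record(record: dict) -> dict:
    """Return a copy of `record` with sensitive fields masked and free-text fields scanned.

    Known sensitive fields are always masked (identity numbers are not Luhn-checkable);
    other string fields are scanned for card numbers that leaked into free text.
    """
    out = {}
    for key, val in record.items():
        if isinstance(val, dict):
            out[key] = redact_record(val)
        elif key in SENSITIVE_FIELDS and isinstance(val, str):
            out[key] = mask_number(val)
        elif isinstance(val, str):
            out[key] = redact_text(val)
        else:
            out[key] = val
    return out


if __name__ == "__main__":
    # Constructed sample record; the card number is the standard test PAN 4111...1111.
    sample = {
        "productCode": "P1",
        "applicant": {"idNumber": "AB123456", "note": "paid with 4111 1111 1111 1111"},
    }
    print(redact_record(sample))
```

Call `redact_record` at the single point where records leave the skill (before the write to the policies directory and before any log line), rather than sprinkling masking across call sites; the original values should only exist in memory for the duration of the task.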

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill sends insuranceCode and productCode to a remote endpoint derived from configuration (POLICY_API_URL), but there is no consent, allowlist, or disclosure around this outbound transmission. In environments where these identifiers are sensitive, or where the configured endpoint can be influenced by an attacker, this can leak business or customer-related metadata to unintended services.
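The recommendation in the overview (allowlist POLICY_API_URL, require HTTPS, validate task numbers, restrict update types) and the finding above both come down to gating the outbound call. The following is an added example, not the skill's own code, showing how such a gate can be written so that a configured endpoint is only accepted if it matches an allowlisted HTTPS origin exactly, and so that the task number and update type are checked before they are used. The allowlisted host, the task-number format, and the update-type names are hypothetical placeholders; the query parameter names insuranceCode and productCode are the ones the finding names.

```python
"""Added example (not the POLICY-MANAGER skill's code): validate POLICY_API_URL
against an origin allowlist and check task numbers / update types before the
outbound request that carries insuranceCode and productCode is assembled.

Assumptions (not from the page): the allowlisted origin, the digits-only task
number format and the update-type names are hypothetical.
"""
import os
import re
from typing import Mapping, Optional
from urllib.parse import urlsplit

ALLOWED_ORIGINS = frozenset({"https://policy-api.example.internal"})     # hypothetical
ALLOWED_UPDATE_TYPES = frozenset({"status", "beneficiary", "address"})   # hypothetical
TASK_NUMBER_RE = re.compile(r"[0-9]{1,12}")                              # hypothetical format


class PolicyConfigError(ValueError):
    """Raised when configuration or input would cause an unsafe outbound call."""


def resolve_api_url(raw: Optional[str], allowed_origins=ALLOWED_ORIGINS) -> str:
    """Return a validated base URL, or raise. Unset/empty means outbound calls are disabled."""
    if not raw:
        raise PolicyConfigError("POLICY_API_URL unset: outbound calls disabled")
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError as exc:
        raise PolicyConfigError(f"malformed POLICY_API_URL: {exc}") from exc
    if parts.scheme != "https":
        raise PolicyConfigError("POLICY_API_URL must use https")
    if parts.username is not None or parts.password is not None:
        # "https://policy-api.example.internal@evil.example/" parses with evil.example
        # as the host; reject userinfo outright instead of trying to interpret it.
        raise PolicyConfigError("userinfo not allowed in POLICY_API_URL")
    if not parts.hostname:
        raise PolicyConfigError("POLICY_API_URL has no host")
    # Compare the full origin (scheme, host, non-default port), never a substring or prefix,
    # so "policy-api.example.internal.evil.example" and ":8443" variants are rejected.
    origin = f"{parts.scheme}://{parts.hostname}"
    if port is not None and port != 443:
        origin += f":{port}"
    if origin not in allowed_origins:
        raise PolicyConfigError(f"origin {origin} not in allowlist")
    return origin + (parts.path or "/")


def is_allowed(raw: Optional[str]) -> bool:
    """Boolean wrapper around resolve_api_url for quick checks."""
    try:
        resolve_api_url(raw)
        return True
    except PolicyConfigError:
        return False


def validate_task_number(value: str) -> str:
    if not TASK_NUMBER_RE.fullmatch(value):
        raise PolicyConfigError("task number must be 1-12 digits")
    return value


def validate_update_type(value: str) -> str:
    if value not in ALLOWED_UPDATE_TYPES:
        raise PolicyConfigError(f"update type {value!r} not permitted")
    return value


def build_lookup_request(insurance_code: str, product_code: str, task_number: str,
                         env: Optional[Mapping[str, str]] = None) -> dict:
    """Assemble the outbound request only after the endpoint and every input passed validation."""
    env = os.environ if env is None else env
    base = resolve_api_url(env.get("POLICY_API_URL"))
    return {
        "url": base.rstrip("/") + "/policies",
        "params": {
            "insuranceCode": insurance_code,
            "productCode": product_code,
            "taskNumber": validate_task_number(task_number),
        },
    }


if __name__ == "__main__":
    # Constructed configuration for the demo; no network call is made.
    demo_env = {"POLICY_API_URL": "https://policy-api.example.internal/v1"}
    print(build_lookup_request("INS1", "PRD1", "42", env=demo_env))
```

The check compares whole origins rather than hostnames as substrings: a prefix or `in` test would accept a lookalike such as `policy-api.example.internal.evil.example`, and parsing the URL before the comparison is what defeats the `user@host` trick. Keep the allowlist in code or signed configuration, not in the same environment that an operator (or a prompt-injected agent) can edit to set POLICY_API_URL.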

VirusTotal

63/63 vendors flagged this skill as clean.
