Data Analysis Assistant

Security checks across malware telemetry and agentic risk

Overview

This looks like a real AI data-analysis skill, but it sends full local file contents to an external Evolink API without clear consent or permission scoping.

Review before installing. Use this only for files you are allowed to send to Evolink. Avoid secrets, credentials, regulated data, or private business exports unless approved, and prefer a version that declares permissions, shows exactly what will be uploaded, and requires explicit consent before transmission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill exposes shell execution via `scripts/analyze.sh` but does not declare corresponding permissions, creating a transparency and policy-enforcement gap. Because the skill also reads local files and transmits their full contents to an external API, undeclared shell capability makes the operational risk more significant than a purely local helper script.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends the analyzed file's full contents to a third-party API, but it does not provide an explicit warning, confirmation step, or consent mechanism at the point of disclosure. In a data-analysis skill, users may reasonably supply business data, exports, or internal datasets, so silent transmission to an external service creates a real confidentiality risk even though the behavior appears to be the intended product function.

Ssd 3

Medium
Confidence
96% confidence
Finding
The prompt embeds raw file contents and the user question verbatim, which guarantees that any secrets, personal data, or sensitive business information present in the file are exposed to the remote model. Because the skill is specifically designed to analyze arbitrary data files, this context makes the issue more dangerous: users are likely to provide exactly the kinds of datasets that contain confidential information.

External Transmission

Medium
Category
Data Exfiltration
Content
USER_JSON=$(echo "$USER_PROMPT" | escape_json)

# Call EvoLink API
RESPONSE=$(curl -s -X POST "https://api.evolink.ai/v1/messages" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $API_KEY" \
    -d "{
Confidence
95% confidence
Finding
curl -s -X POST "https://api.evolink.ai/v1/messages" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
USER_JSON=$(echo "$USER_PROMPT" | escape_json)

# Call EvoLink API
RESPONSE=$(curl -s -X POST "https://api.evolink.ai/v1/messages" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $API_KEY" \
    -d "{
Confidence
95% confidence
Finding
https://api.evolink.ai/

VirusTotal

VirusTotal findings are pending for this skill version.