Security audit

Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed retail reporting skill, but it should be configured carefully because it can read business data and send scheduled reports to chat channels.

Install only where the POS/ERP connection can be limited to the intended store data, preferably read-only. Before enabling automatic delivery, verify the delivery channel, recipient IDs, schedule, and opt-out controls, and review any separate connector or report-generation implementation because those files are not included in this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 90% confidence
Finding
The phrase "Any data question" creates an overly broad activation condition for a skill that can access POS/ERP business data and generate reports. In practice, this can cause the skill to trigger on unrelated analytics or business questions, leading to unintended data retrieval or disclosure beyond the user's actual intent.

Vague Triggers

Medium, 80% confidence
Finding
The description says the skill "also triggers for scheduled automatic report delivery" but does not specify who configures schedules, what safeguards apply, or whether recipient/channel authorization is validated at send time. Ambiguous autonomous triggers are risky because they can cause business reports to be sent without a fresh user action or clear scope controls.

Missing User Warnings

Medium, 94% confidence
Finding
The skill explicitly delivers generated reports via external channels like WeCom or Telegram and references configured recipients, but it provides no user-facing warning that sensitive sales, inventory, and staff performance data may leave the primary system boundary. This increases the chance of accidental data leakage, especially if channels are misconfigured, shared, or less secure than the source systems.

VirusTotal

64/64 vendors flagged this skill as clean.
