AIN - AI Node Plugin

Security checks across malware telemetry and agentic risk

Overview

The plugin appears to do its stated AI routing work, but it needs review because it can route prompts through configured providers while a documented config scoping option is not honored.

Install only if you trust your AIN configuration and the @felipematos/ain-cli dependency. Review which AIN providers are configured before enabling routing or tools, disable enableRouting or exposeTools if not needed, and do not rely on configPath to limit provider or credential use until that behavior is fixed or confirmed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 93% confidence
Finding
The README advertises prompt execution and intelligent routing through external AIN providers, but does not warn that user prompts, system prompts, schemas, and possibly other configured data may be transmitted to third-party services. In an agent/plugin context, this omission can cause operators to unknowingly expose sensitive data to external providers, increasing the risk of confidentiality and compliance violations.

Missing User Warnings

Medium, 88% confidence
Finding
The skill exposes a tool that sends arbitrary prompts through AIN's execution layer to configured providers, but the documentation provides no warning that prompt contents may be transmitted to third-party or remote model backends. In an agent environment, users or downstream developers may assume prompts stay local, causing sensitive data to be unintentionally disclosed to external services through provider routing or fallback behavior.

Missing User Warnings

Medium, 91% confidence
Finding
The routing hook automatically inspects incoming prompts and selects providers/models based on their content, but the skill documentation does not warn that prompt text is being analyzed and may influence external routing decisions. This increases the risk of unintentional data exposure and policy bypass, especially when agents process secrets, internal documents, or regulated data under assumptions of fixed or local model use.

Missing User Warnings

Medium, 90% confidence
Finding
The `ain_run` tool forwards arbitrary user-supplied prompt content, plus optional system prompt and schema, to an external LLM provider via `run(...)` with no visible consent, disclosure, redaction, or policy gating in this file. This creates a real data-exposure risk because callers may unknowingly send sensitive, proprietary, or regulated information to third-party providers, and the tool surface makes that easy by directly proxying user input.

VirusTotal

66/66 vendors flagged this skill as clean.