ClawHub

AdMapix

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AdMapix analytics integration, but users should understand that Deep Research can send queries and credentials to AdMapix-hosted services and create shareable reports.

Install this only if you trust AdMapix with your analytics queries, API key, and generated reports. Use the platform's secret/config storage instead of pasting keys into chat, and avoid Deep Research for confidential business plans or regulated data unless you are comfortable with hosted processing and shareable report links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly states that Deep Research reports are 'hosted and shareable via link' but provides no warning that report contents may include sensitive business intelligence, query content, or account-associated analytics data. In a skill centered on competitor analysis, ad strategy, downloads, and revenue insights, making generated HTML reports shareable by default or without clear access-control guidance increases the risk of unintended disclosure to third parties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that complex queries are routed to a server-side AI research system and that the resulting HTML report is hosted online and shareable, but the static finding indicates users are not clearly warned that their prompt content will be transmitted off-platform and persisted in a shareable form. This creates a real privacy and data-handling risk because users may include sensitive business plans, competitor analysis targets, app identifiers, or proprietary market hypotheses without understanding that the content may leave the local assistant context and be stored remotely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal