Readdy.ai WebSite Builder

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Readdy.ai website-management skill whose remote project actions and stored API key are expected for its purpose, though users should confirm sensitive operations carefully.

Install only if you intend Codex to manage Readdy.ai projects from your account. Configure a dedicated Readdy API key if possible, avoid putting secrets in website prompts, and verify the target project ID before modify, update, or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding:
The skill advertises itself for very broad requests like "create a website" and "build a website," which can cause it to activate for generic web-development tasks that may not actually require Readdy.ai. Overbroad trigger phrases increase the chance the agent invokes an external-project-management skill unexpectedly, leading to unintended API-backed actions, user confusion, or destructive operations such as project modification or deletion in the wrong context.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The `delete` command performs a destructive project deletion immediately once invoked, with no confirmation prompt, dry-run, or explicit warning. In an agent skill context, this increases the risk of accidental or prompt-induced destructive actions that permanently remove user data before the user has a chance to review the target project ID.

Session Persistence

Medium
Category: Rogue Agent
Content:
---
name: readdy
description: >-
  This skill should be used when the user asks to "create a website",
  "generate a website", "build a website", "modify a website",
  "update my Readdy project", "preview my website", "delete a project", "list my projects"
  or mentions Readdy.ai project management. Provides CLI-based website
Confidence: 80%
Finding:
create a website", "generate a website", "build a website", "modify a website", "update my Readdy project", "preview my website", "delete a project", "list my projects" or mentions Readdy.ai pro

VirusTotal

56/56 vendors flagged this skill as clean.
