ClawHub

Zillow × Airbnb Matcher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but users should handle the RapidAPI key carefully and understand that live searches contact third-party listing APIs.

Install only if you are comfortable running a Node/npm-based setup script and sending search locations plus your RapidAPI key to the listed RapidAPI services. Prefer setting the key in a protected .env file rather than passing it on the command line, keep that file out of version control, monitor RapidAPI usage, and independently verify any investment or regulatory conclusions before acting on the reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares external installation, uses an environment variable, and clearly relies on networked API access, yet it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or the platform may not realize the skill can access secrets and make outbound requests, which increases the risk of unintended data exposure or unreviewed external communication.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide tells users to write a live API key into a local .env file and also pass it directly on the shell command line. Command-line arguments can be exposed through shell history, process listings, logs, or CI transcripts, and the guide does not warn users about these risks or suggest safer handling. In this skill context, the key grants paid or rate-limited third-party API access, so leakage could lead to quota exhaustion or unauthorized usage.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The trigger phrase "check properties" is generic enough to collide with ordinary user language, making accidental invocation more likely. In this skill's context, accidental execution could cause unintended API calls, consume rate-limited quota, and process user-supplied location data when the user did not intend to run this tool.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The installer accepts a secret on the command line and persists it into a local .env file without clearly warning the user that the credential will be stored on disk. This can expose the API key through shell history, process listings, backups, or accidental inclusion of .env in version control, making credential leakage more likely even if the script is not overtly malicious.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The file embeds detailed real-world addresses, geolocation coordinates, and listing URLs for specific properties, which can create privacy and data-handling concerns if redistributed, surfaced to users without notice, or mistaken for approved production data. In this skill context, correlating for-sale homes with active short-term rentals increases sensitivity because it can facilitate profiling of specific properties and owners/hosts beyond a generic demo use case.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal