ClawHub
Back to skill

Security audit

IP Threat Check

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward IP reputation lookup skill, but users should know it sends queried IPs to external services.

Install only if you are comfortable sending searched IP addresses, including bulk file contents, to ip-api.com and optionally AbuseIPDB. Avoid using it for confidential customer, internal, or incident-response indicators unless that third-party sharing is approved, and use a limited AbuseIPDB API key if enabling that source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill metadata declares runtime requirements and clearly implies use of environment variables, file input, and outbound network access, but it does not explicitly declare permissions for those capabilities. This weakens transparency and policy enforcement, making it easier for users or platforms to invoke a skill without understanding that local files may be read, API keys accessed, and queried IPs sent to external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description says it checks IP reputation using multiple external sources, but it does not warn users that submitted IP addresses may be transmitted to third-party geolocation and threat-intelligence providers. In many environments, queried IPs can be sensitive operational data, so silent disclosure can create privacy, confidentiality, or compliance issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function sends the user-supplied IP address to ip-api.com over the network without any in-code consent prompt, warning, or privacy control. Even though querying a threat-intel provider is the stated purpose of the skill, this still creates a real data-sharing/privacy risk because submitted IPs may be sensitive indicators or customer data and are disclosed to a third party automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal