ClawPrint - Captchas for AI verification

Security checks across malware telemetry and agentic risk

Overview

The skill’s external challenge API is disclosed and purpose-aligned, but it encourages using an AI-verification result to gate sensitive actions such as sharing API keys or protected resources.

Install only if you intentionally want to use the ClawPrint external service and can protect the required keys. Do not use this skill’s pass/fail result as the sole reason to share credentials, API keys, protected resources, or perform privileged actions; require normal identity, authorization, and human or policy approval for sensitive decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill requires shell tools (`curl`, `jq`) and provides executable shell commands, but it does not declare corresponding permissions. This creates a capability mismatch that can cause agents or operators to run networked shell actions without appropriate policy review, increasing the chance of unintended external access and unsafe execution.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance is broad enough that ordinary phrases like 'verify' or 'prove that someone is an AI' could invoke the skill in routine conversations. In this context, unintended invocation is risky because the skill can initiate external requests and may influence decisions about releasing sensitive resources.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Example trigger phrases such as 'Make sure they're an AI first' are vague and overlap with normal conversational language. Because the skill is tied to authentication-like decisions and outbound API use, accidental activation could cause trust decisions or challenge issuance in situations where it was not intended.

Ssd 4

High
Confidence
97% confidence
Finding
The skill explicitly recommends using 'AI verification' before sharing sensitive API keys or gating access to protected resources. This is dangerous because being an AI is not a legitimate authorization factor; it encourages agents to treat a conversational challenge as sufficient proof to release credentials or elevate access, enabling social-engineering-driven privilege escalation.

Ssd 4

High
Confidence
98% confidence
Finding
The instruction to 'proceed with the gated action' after successful challenge/validation operationalizes the unsafe trust model into an authorization decision. In context, this makes the skill more dangerous because it directly converts a weak, gameable signal into permission to access restricted resources or workflows.

External Transmission

Medium
Category
Data Exfiltration
Content
emoji: "\U0001F43E"
    requires:
      bins:
        - curl
        - jq
      env:
        - CLAWPRINT_SERVER_URL
Confidence
88% confidence
Finding
curl - jq env: - CLAWPRINT_SERVER_URL - CLAWPRINT_SITE_KEY - CLAWPRINT_SECRET_KEY --- # ClawPrint Verify Verify that another user or agent in a conversation is

External Transmission

Medium
Category
Data Exfiltration
Content
Submit the answer to the ClawPrint server:

```bash
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/verify" \
  -H "Content-Type: application/json" \
  -d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"answer\": \"THE_ANSWER\"}" | jq .
```
Confidence
82% confidence
Finding
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/verify" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
For additional security, validate with your secret key:

```bash
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \
  -H "Content-Type: application/json" \
  -d "{\"challenge_id\": \"THE_CHALLENGE_ID\", \"secret_key\": \"${CLAWPRINT_SECRET_KEY}\"}" | jq .
```
Confidence
96% confidence
Finding
curl -s -X POST "${CLAWPRINT_SERVER_URL}/api/v1/validate" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.
