Followup Swarm

Security checks across malware telemetry and agentic risk

Overview

This customer follow-up skill is not malicious, but it asks the agent to store and process customer contact/address data and write local files without declaring file-write permission.

Review before installing. Use it only if you are comfortable with local CRM/task files being created and with customer contact/address data being entered into CRM and route-planning tools. Add or require explicit user approval for file creation, CRM mutations, and any external map lookup, and define privacy, access-control, and retention rules for customer data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Scope Creep

Severity: High
Confidence: 98%

Finding: The skill explicitly instructs creating directories and writing multiple task files even though the declared permissions only include file-read. This creates a permission/behavior mismatch that can mislead users and host systems about the skill's capabilities, and in this context the written content may include customer workflow data that persists locally.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The deliverables section directs storage of customer archives and follow-up records containing names and likely contact details in local files, but it does not prominently warn that sensitive personal data will be written to disk. This increases the risk of unintended local exposure, over-retention, and insecure handling of customer PII.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The initialization workflow automatically creates task directories and writes several files, but the skill description does not clearly disclose this side effect up front. Undisclosed persistent writes are risky because users may not realize operational data is being stored locally and retained across sessions.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding: The skill collects and records customer names, phone numbers, email addresses, addresses, and lead-source information into CRM workflows without an explicit privacy warning or consent guidance. In a customer follow-up context, this is sensitive PII processing and can create compliance, confidentiality, and misuse risks if handled without disclosure and safeguards.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The route-planning phase sends start/end locations and visit points to an external LBS service without clearly warning that customer addresses and movement data may be transmitted to a third party. In this business context, that can expose sensitive location information and customer relationships outside the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.