Geo Ai Plugin Builder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a planning and template skill for designing AI plugin blueprints, with no evidence of hidden installs, credential use, data exfiltration, or destructive behavior.

This skill looks safe to install as a design assistant. Treat its outputs as drafts: before implementing any generated plugin, verify data access, authentication, user consent, privacy constraints, and whether stateful workflows store sensitive information.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a generated plugin design is copied directly into a production system, mistakes in scope, validation, or permissions could expose more functionality than intended.

Why it was flagged

The skill is intended to generate designs that may later become real tools connected to APIs or endpoints. This is purpose-aligned, but generated specs should be reviewed before implementation.

Skill content

Produce implementation-ready artifacts ... Technical blueprints (OpenAI tools, Claude Tools, HTTP endpoints, or internal APIs).

Recommendation

Review generated schemas, endpoints, authentication assumptions, rate limits, and user-approval requirements before building or deploying any plugin.

What this means

A plugin built from these patterns could retain user context or session state, which may include sensitive business or customer information.

Why it was flagged

The reference material recommends stateful workflow patterns for user-built plugins. This is expected for workflow design, but stored session/context data needs boundaries if implemented.

Skill content

Store partial state in a structured way (session or context object).

Recommendation

For any stateful plugin design, define what data is stored, how long it is retained, who can access it, and how users can clear or revoke it.