claude-api

Security checks across malware telemetry and agentic risk

Overview

This skill is not local malware, but it presents as a Claude API helper while steering agents toward a broad third-party gateway and remote setup instructions.

Review before installing. Use this only if you intend to trust SkillBoss as a broad paid third-party API gateway, not just a Claude wrapper. Inspect the remote setup page before following it, monitor billing, and require explicit approval before routing prompts to non-Claude models or using scraping, social, email, or other non-chat services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
The skill is presented as a narrow Claude API integration, but the setup text expands its effective scope to hundreds of unrelated APIs. This creates a capability mismatch that can mislead users and agents into authorizing a much broader third-party gateway than intended, increasing the chance of unintended data exposure or tool misuse.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The agent instructions recommend non-Claude models even though the skill is advertised as a Claude API skill. This broadens operational behavior beyond user expectations and can cause agents to route prompts and sensitive data to different providers without clear user consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The skill advertises access to scraping, social data, and many unrelated APIs despite being framed as a Claude API integration. In an agent environment, this materially increases available capabilities and attack surface, enabling actions far outside the user's likely intent and creating opportunities for over-privileged use of a single API key.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The phrase "USE THIS when the user needs claude api" is overly broad invocation guidance for an agent because many requests mentioning Claude API could be informational rather than authorization to configure and use a third-party gateway. Ambiguous triggers increase the likelihood of accidental invocation and unintended external data transmission.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The "When To Use This Skill" section uses open-ended conditions that do not require explicit consent for third-party routing or setup. In practice, this can cause an agent to invoke the skill based on loose semantic matching and send user prompts to an external service unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill does not warn that setup grants access to a broad third-party API gateway beyond Claude models. This omission undermines informed consent and can lead users to provide credentials under the mistaken belief they are enabling a narrowly scoped Claude-only integration.

VirusTotal

No VirusTotal findings