Multi-LLM Ensemble (MoA)

Security checks across malware telemetry and agentic risk

Overview

This skill openly sends a user prompt to configured LLM providers, combines their answers, and only writes files when the user asks it to.

Install only if you are comfortable with prompts and model outputs being sent to every configured provider. For confidential work, choose providers explicitly with --models, unset API keys for providers you do not want used, prefer local Ollama where appropriate, and avoid saving JSON logs that may contain private data or secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence: 93%
Finding
The skill advertises execution that reads environment variables, performs network calls to multiple third-party LLMs, and can write outputs to files, but it declares no permissions. That mismatch is dangerous because users and policy systems cannot accurately understand or constrain the skill's real capabilities, especially when prompts may contain sensitive data and are transmitted externally.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger criteria are broad enough to match many normal agent tasks, including high-stakes decisions, research, code review, and any situation where a single model seems insufficient. This increases the chance the skill is invoked unexpectedly, causing unnecessary external sharing of user prompts, extra cost, and broader exposure of sensitive context.

Missing User Warnings

High
Confidence: 98%
Finding
The description promotes quality improvements but does not warn that the same prompt may be sent in parallel to multiple external LLM providers. This is dangerous because users may unknowingly disclose confidential, proprietary, regulated, or personal information to several vendors at once, multiplying privacy, compliance, and retention risks.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide instructs users to export API keys and to save full model outputs in JSON, but it does not warn that prompts and responses may contain secrets, proprietary data, or regulated information. In a multi-LLM skill, this is more dangerous because the same sensitive input may be replicated across several third-party providers and then persisted to disk, increasing exposure and leakage risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script sends the full user-supplied prompt to multiple third-party LLM providers and, by default, may also send it to a local Ollama instance. In a skill intended for high-stakes reasoning, prompts may contain sensitive business, personal, or credential material; without an explicit disclosure or consent step, this creates a real confidentiality risk even though it is part of the feature design.

VirusTotal

66/66 vendors flagged this skill as clean.