Hugging Face

Security checks across malware telemetry and agentic risk

Overview

This Hugging Face skill is coherent, but it needs review because it can use delegated account access to delete, move, modify, or directly call Hugging Face APIs without explicit safety guardrails.

Install only if you trust Membrane and are comfortable granting delegated Hugging Face access. Use the least-privileged Hugging Face permissions available, review any OAuth or connection prompts, require explicit confirmation before delete, move, transfer, visibility, gated-access, discussion, or raw proxy API actions, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (93% confidence)
Finding
The skill explicitly documents destructive capabilities such as deleting or moving repositories without any requirement to obtain explicit user confirmation or warn about irreversible effects. In an agent setting, this increases the chance that a model could invoke high-impact actions from ambiguous prompts or planning errors, causing unintended loss or modification of Hugging Face assets.

Missing User Warnings

Medium (88% confidence)
Finding
The proxy request section encourages arbitrary direct API calls over the network but does not warn that request paths, headers, query parameters, and bodies may contain sensitive or regulated data sent to an external service. In an agent workflow, this can lead to unreviewed exfiltration of user data or unintended transmission of private repository contents when the agent falls back to raw requests.

VirusTotal

65/65 vendors flagged this skill as clean.