ClawHub

Test Gas Skill

Security checks across malware telemetry and agentic risk

Overview

This gas-price lookup skill has privacy and accuracy caveats, but its network use, file output, optional browser scraping, and daily alerts are disclosed and aligned with its purpose.

Install only if you are comfortable sharing ZIP code or coordinate-based searches with external services such as OpenStreetMap/Nominatim/Overpass and, optionally, GasBuddy or Telegram. Treat prices as estimates unless you verify them elsewhere, especially outside Columbus, Ohio, and enable daily cron alerts only intentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation instructs use of scripts that perform network access and file output, yet no permissions are declared. This creates a transparency and consent problem: users and the platform may not realize the skill can contact external services and write local files, which increases the risk of unexpected data exposure or unauthorized persistence.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior materially differs from the stated purpose: it implies nationwide gas monitoring and alerts, but actually relies on estimation, undisclosed third-party services, optional scraping/Playwright automation, and incomplete location-specific logic. This is dangerous because users may make decisions based on inaccurate or misunderstood behavior, and undisclosed scraping/network activity can violate expectations, policies, or data-handling assumptions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script claims to find and monitor gas prices, but it primarily enumerates station locations from OSM and then fabricates estimated Costco prices using a hard-coded discount. In a consumer decision-making skill, presenting estimates as price data can mislead users into acting on inaccurate information, especially because the manifest promises broader, real monitoring capability.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Core behavior is anchored to Columbus, Ohio via a hard-coded downtown reference and a fixed Costco list, despite the skill metadata claiming support for any US location. This creates deceptive functionality and can produce incorrect filtering and summaries for users searching elsewhere, undermining trust and potentially causing bad decisions.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The helper advertises distance calculation from a provided reference point, but the gas-station filtering path uses the default Columbus reference instead of the user's chosen search coordinates. As a result, stations can be wrongly included or excluded, making the output materially incorrect for non-Columbus searches and violating user expectations about location accuracy.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README encourages scheduled daily execution but does not disclose that each run may send user location data (ZIP code or coordinates) to external geocoding/OpenStreetMap services and may create local output files if configured. This is a genuine transparency and privacy issue because users may automate recurring location lookups without realizing the ongoing external data transmission and persistence implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill encourages scheduled daily notifications and says summaries will be sent via Telegram, but it does not provide an explicit warning about ongoing messaging, retention, or sharing of location-related data with external services. This can lead to unintended continuous notifications and disclosure of a user's location/preferences to messaging or upstream providers without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal