ClawHub

Publish site on Qutke

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it publishes user-selected files to Qutke, but users should treat publishing targets, claim tokens, and saved API keys as sensitive.

Install this only if you want the agent to publish selected files to a public Qutke URL. Review folders before publishing, avoid secrets or private files, use the API-key flow only if you want persistent account-backed publishing, and keep ~/.onqutke/credentials plus .onqutke/state.json out of version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill extends beyond simple file publishing by instructing the agent to obtain and persist long-lived account credentials. That broadens the trust boundary from one-time content upload to ongoing account access, which is unnecessary for the core task and increases the blast radius if the agent mishandles or later reuses the key.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough to match common conversational requests such as 'share this online' or 'make a website,' which could invoke a publishing workflow unexpectedly. In this skill, accidental invocation is especially risky because the primary action is external publication of local files to a public URL.

Ssd 3

High
Confidence
97% confidence
Finding
The skill tells the agent to collect a user's email address and one-time login code, exchange them for an API key, and then store that key locally. This trains the agent to act as a credential broker for a persistent account secret, which is dangerous because it centralizes sensitive authentication material in the agent environment and normalizes asking users to paste login codes into chat.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal