UA1 Validator Agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it validates a user-selected PDF by uploading it to the disclosed UA1 API. Users should be aware of the privacy and dependency caveats that follow from that design.

Install only if you are comfortable uploading the PDFs you validate to api.ua1.dev or to the endpoint set in UA1_API_BASE. Avoid using it on confidential, regulated, or customer documents unless that endpoint is approved for those files, and make sure bash, curl, mktemp, and jq are available locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill instructs agents to execute a shell script (`bash scripts/validate_pdf.sh ...`) but does not declare corresponding permissions or constraints. Hidden or undeclared execution capability increases the chance that an agent or reviewer will underestimate what the skill can do, which weakens trust boundaries and may enable unintended command execution in environments that rely on permission declarations.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill explicitly tells agents to upload local PDF files to a remote API but does not warn that document contents leave the local environment. This is dangerous because PDFs often contain sensitive business, legal, or personal data, and an agent may transmit them to a third-party service without the operator realizing the privacy, compliance, or data residency implications.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The script uploads the provided PDF to a third-party service using curl, but it gives no explicit warning, consent prompt, or disclosure that local file contents will leave the host. Because PDFs often contain sensitive business or personal data, this creates a real confidentiality risk if the caller assumes validation is local or does not realize the destination can be changed via UA1_API_BASE.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (matched excerpt from the skill):

  ## Endpoints

  - Health: `GET https://api.ua1.dev/api/health`
  - Validate: `POST https://api.ua1.dev/api/validate`
  - Compact mode: `POST https://api.ua1.dev/api/validate?format=compact`
  - Metrics: `GET https://api.ua1.dev/api/metrics`

Confidence: 96%
Finding: https://api.ua1.dev/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (matched excerpt from the skill):

  - Health: `GET https://api.ua1.dev/api/health`
  - Validate: `POST https://api.ua1.dev/api/validate`
  - Compact mode: `POST https://api.ua1.dev/api/validate?format=compact`
  - Metrics: `GET https://api.ua1.dev/api/metrics`

  ## Required contract

Confidence: 96%
Finding: https://api.ua1.dev/

VirusTotal

66/66 vendors flagged this skill as clean.
