ClawHub

Web Intel

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate web research tool, but its deep mode can use a logged-in Chrome session and it does not clearly gate that sensitive access.

Install only if you want a web research router that may send queries and URLs to external providers. Treat deep mode as sensitive: use it only for pages you intentionally want accessed with your logged-in browser, and avoid private account pages, internal URLs, or links containing tokens unless you have explicitly approved that access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and operationalizes network access and shell-based invocation of external tools, but does not declare permissions or safety boundaries. This creates a transparency and policy-enforcement gap: callers may invoke a capability set broader than expected, including remote fetching and local command execution pathways.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that deep mode can automatically connect to a CDP proxy on localhost:3456 that is attached to the user's Chrome session and 'naturally carries login state.' That can expose authenticated content, cookies, session-derived data, and private account context without an explicit per-use warning or consent step, making privacy-sensitive access easy to trigger indirectly through routing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill forwards user-supplied URLs to r.jina.ai and user queries/URLs to firecrawl without any explicit consent, warning, or data-classification check. In an agent setting, this can unintentionally leak sensitive prompts, internal URLs, or proprietary research targets to third-party services and logs.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal