VOC Growth Report

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate comment-analysis/reporting skill, but it needs review because it handles identifiable comment-export data and encourages file/server delivery without clear user controls.

Install only if you intend to analyze social-media comment exports and are authorized to process that data. Before using it, remove or mask unnecessary identifiers such as IP addresses, profile links, and user IDs, and require the agent to confirm the exact file path and preview-server settings before it writes files or starts any local service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium, 92% confidence
Finding
The listing explicitly normalizes ingestion and analysis of comment exports containing personal data such as IP addresses, user IDs, user links, and names, but provides no privacy warning, minimization guidance, or handling restrictions. In a skill meant for business analysis and report generation, this omission can lead users to process, retain, and redistribute personal data in reports or Feishu/Bitable workflows without considering privacy, consent, or compliance obligations.

Vague Triggers

Medium, 90% confidence
Finding
The manifest description is overly broad and encourages invocation for many generic analysis, reporting, Feishu, and HTML-delivery requests, not just narrowly scoped CSV-based VOC workflows. In an agent system that auto-selects skills from descriptions, this can cause the skill to activate in contexts where file handling, report generation, or delivery behaviors are unexpected, increasing the chance of inappropriate actions or data exposure.

Missing User Warnings

Medium, 95% confidence
Finding
The skill explicitly instructs the agent to generate HTML, save it to a file, start a local static preview service, and return a preview link/path, but provides no safety checks, user confirmation requirements, or restrictions on where files are written or what server is started. In agent environments with tool access, this can lead to unreviewed filesystem writes and unintended local service exposure, especially when the user only asked for analysis rather than execution-oriented delivery steps.

Missing User Warnings

Medium, 92% confidence
Finding
The prompt explicitly instructs the agent to write an HTML file to local storage and start a local preview/static server, but it provides no requirement to obtain user consent, disclose filesystem modification, or constrain network exposure. In an agent setting, this can cause unexpected local state changes and may expose report contents on a locally reachable interface, which is especially sensitive because the data source is user comment CSVs that may contain personal or business-sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.
