Site Watch

Security checks across malware telemetry and agentic risk

Overview

This web-monitoring skill is mostly purpose-aligned, but when AI summaries are enabled it can send page-change excerpts to DeepSeek or a custom LLM endpoint, even though it also claims that data stays local.

Review before installing if you may monitor private dashboards, authenticated pages, business data, or personal information. For local-only monitoring, run with `--no-summary` or leave `DEEPSEEK_API_KEY` and the `SITEWATCH_LLM_*` variables unset, and point webhooks and email only at destinations you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The claim of 'zero cloud dependency' is misleading because the skill supports sending page diffs to DeepSeek or custom external LLM endpoints for AI summaries. Misrepresenting the external data flow can lead users to enable the feature without understanding that monitored content may leave the local system.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The AI Summary section mentions external LLM support, but it does not provide a strong user-facing warning that content diffs from monitored pages may be transmitted off-device when summaries are enabled. Because this skill monitors arbitrary web content, the context increases risk: users may watch private dashboards, internal pages, or sensitive business content and unknowingly export excerpts to third parties.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This code sends change excerpts and diffs to a configurable external LLM endpoint, which is an external transmission of potentially sensitive monitored-page content. Although the code attempts to reduce exposure with maskPII() and truncation, those controls are not complete guarantees, and there is no explicit consent gate, endpoint allowlist, or warning at the point where data leaves the system.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
When DEEPSEEK_API_KEY is present, the skill automatically transmits page-change content to DeepSeek, a third-party service. Even with masking and truncation, the transmitted snippets may still contain sensitive business, personal, or proprietary information from monitored pages, and the network call occurs without an explicit per-use warning or consent check in this code path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal