App Packager

Security checks across malware telemetry and agentic risk

Overview

This app-packaging skill is mostly purpose-aligned, but it handles upload credentials unsafely by instructing the agent to print the API key back into chat.

Review before installing. Use only on the intended local project, confirm the branch and working tree before running, inspect the referenced packaging scripts, and do not paste live Pgyer API keys into chat unless you are comfortable with them appearing in the transcript. The API key should be redacted from output before this is treated as routine-safe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The skill includes logic to echo the user-provided API_KEY in the completion message, and even mentions use of a default key. Secrets should never be reflected back to the user or the chat transcript, because they can be exposed to logs, screenshots, shared conversations, or downstream systems that store agent outputs.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The natural-language triggers are broad enough to activate on generic build or packaging requests, which can cause the skill to perform side-effectful actions such as branch switching, pulling code, and running packaging scripts without sufficiently explicit consent. Because this skill makes repository and build-environment changes, overbroad activation increases the risk of unintended execution.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The description emphasizes packaging convenience but does not clearly disclose that the skill may switch Git branches and pull from origin before building. Hidden repository-modifying behavior is dangerous because users may trigger the skill expecting a local build only, while the skill changes workspace state and may disrupt uncommitted work or build from unexpected code.
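The pre-flight check the overview recommends (confirm the branch and working tree before letting the skill switch branches or pull) can be automated. The following is an added example written for this report, not code from the App Packager skill or from SkillSpector: it parses the output of `git status --porcelain=v1 --branch` and refuses to proceed when the repository is not on the expected branch, has uncommitted or untracked files, or is behind its upstream (in which case the skill's pull would change what gets built). The sample status output, the `release` branch name and the function names are constructed for illustration.

```python
"""Pre-flight guard for a skill that switches branches and pulls before building.

Added example for this report; not part of the App Packager skill. The sample
git output below is constructed, not captured from any real project.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass, field

# Constructed sample of `git status --porcelain=v1 --branch` output:
# local branch has one unpushed commit, is two commits behind origin,
# has a modified tracked file and an untracked file.
SAMPLE_STATUS = (
    "## feature/login...origin/feature/login [ahead 1, behind 2]\n"
    " M src/main.py\n"
    "?? notes.txt\n"
)


@dataclass
class RepoState:
    branch: str
    dirty: list[str] = field(default_factory=list)  # modified/untracked paths
    ahead: int = 0
    behind: int = 0


def parse_porcelain(output: str) -> RepoState:
    """Parse porcelain v1 output (the v1 format is documented as stable)."""
    lines = output.splitlines()
    if not lines or not lines[0].startswith("## "):
        raise ValueError("expected a '## <branch>' header line")
    header = lines[0][3:]
    ahead = behind = 0
    # Header forms: 'main', 'main...origin/main', 'main...origin/main [ahead 1, behind 2]',
    # 'HEAD (no branch)' when detached.
    if " [" in header and header.endswith("]"):
        header, bracket = header[:-1].split(" [", 1)
        for part in bracket.split(", "):
            name, _, count = part.partition(" ")
            if name == "ahead":
                ahead = int(count)
            elif name == "behind":
                behind = int(count)
    branch = header.split("...", 1)[0]
    # Each remaining line is 'XY <path>'; the path starts at column 3.
    dirty = [ln[3:] for ln in lines[1:] if ln.strip()]
    return RepoState(branch=branch, dirty=dirty, ahead=ahead, behind=behind)


def preflight(state: RepoState, expected_branch: str) -> list[str]:
    """Return the reasons the packaging step must NOT run unattended (empty = safe)."""
    problems: list[str] = []
    if state.branch != expected_branch:
        problems.append(f"on branch {state.branch!r}, expected {expected_branch!r}")
    if state.dirty:
        shown = ", ".join(state.dirty[:5])
        problems.append(f"{len(state.dirty)} uncommitted or untracked path(s): {shown}")
    if state.behind:
        problems.append(
            f"branch is {state.behind} commit(s) behind its upstream; "
            "a pull would change what gets built"
        )
    return problems


def current_state(repo_dir: str = ".") -> RepoState:
    """Read the live repository state (not exercised offline)."""
    out = subprocess.run(
        ["git", "status", "--porcelain=v1", "--branch"],
        cwd=repo_dir, check=True, capture_output=True, text=True,
    ).stdout
    return parse_porcelain(out)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; 'release' is a made-up branch name.
    for reason in preflight(parse_porcelain(SAMPLE_STATUS), "release"):
        print("refusing to package:", reason)
```

In practice the skill would call `current_state()` first and surface every reason to the user for explicit confirmation before any `git checkout` or `git pull`, instead of silently changing workspace state.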

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill supports upload to a third-party service and accepts API keys and release notes, but the description does not clearly warn that these credentials and build metadata may be transmitted externally. Users may unknowingly provide secrets or sensitive release information under the assumption the operation is purely local.

Ssd 3

Severity: High
Confidence: 99%
Finding
This is a clear secret-disclosure issue: the final build feedback is instructed to print the API_KEY when upload is enabled. Exposing a live upload credential in output can let anyone with access to the transcript reuse the key to upload, overwrite, or interact with the third-party distribution service, and it also normalizes insecure secret handling.
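Both the Context-Inappropriate Capability finding and this one come down to the same defect: the completion message is built by interpolating the live key. The following added example, written for this report and not taken from the App Packager skill, shows the unsafe pattern beside a safe one and a `redact()` pass that strips known secret values and labelled key-like tokens from any text before it reaches the transcript. The key value, the `API_KEY=` message format and the function names are assumptions for illustration.

```python
"""Keep upload credentials out of the completion message.

Added example for this report; not code from the App Packager skill. The key
below is a constructed dummy value, not a real credential.
"""
import re
from typing import Iterable

# Labelled key-like tokens, e.g. 'API_KEY=abc...', 'token: abc...'. Assumed
# formats: the page does not specify how the skill's upload key looks.
_LABELLED_SECRET = re.compile(r"(?i)(api[_-]?key|token|secret)(\s*[:=]\s*)(\S{8,})")


def mask(secret: str, keep: int = 4) -> str:
    """Keep only the last `keep` characters so a human can still tell keys apart."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def redact(text: str, known_secrets: Iterable[str] = ()) -> str:
    """Remove secret values from text before it is shown to the user.

    Pass 1 replaces exact known values (catches a key pasted anywhere in the
    message). Pass 2 masks labelled tokens we were not told about, e.g. a key a
    shell step read from a config file and echoed.
    """
    for s in sorted(set(known_secrets), key=len, reverse=True):
        if s:
            text = text.replace(s, mask(s))
    return _LABELLED_SECRET.sub(
        lambda m: m.group(1) + m.group(2) + mask(m.group(3)), text
    )


def completion_message_unsafe(build_path: str, upload_enabled: bool, api_key: str) -> str:
    """The pattern the findings describe: the live key is reflected back."""
    msg = f"Built {build_path}."
    if upload_enabled:
        msg += f" Uploaded with API_KEY={api_key}."
    return msg


def completion_message_safe(build_path: str, upload_enabled: bool, api_key: str) -> str:
    """Report that an upload happened and which key (by suffix) was used, never the key.

    The whole message is still passed through redact() as a last line of
    defence in case an earlier step interpolated the key somewhere else.
    """
    msg = f"Built {build_path}."
    if upload_enabled:
        msg += f" Uploaded using API key ending in {api_key[-4:]}."
    return redact(msg, [api_key])


if __name__ == "__main__":
    DUMMY_KEY = "pgyer-0123456789abcdef"  # constructed, not a real key
    print(completion_message_unsafe("build/app.apk", True, DUMMY_KEY))
    print(completion_message_safe("build/app.apk", True, DUMMY_KEY))
```

The same `redact()` should be applied to anything the skill echoes from sub-process output, since a packaging script that prints its environment would leak the key through a different path than the completion message.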

VirusTotal

57/57 vendors flagged this skill as clean.
