Deno Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Deno deployment helper, but it can publish code publicly and create Deno resources using stored credentials without narrow activation or explicit confirmation.

Install only if you want an agent to publish apps to your Deno account. Before each deployment, confirm the exact code, project name, Deno organization, and that the resulting URL will be public; use a dedicated limited token if possible, protect or rotate the stored credentials, and avoid deploying secrets or private source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High (96% confidence)
Finding:
The description uses very broad trigger phrases like 'live', 'hosted', 'shareable via URL', and 'accessible online', which can cause the skill to activate in situations the user did not intend. Because this skill can publish content externally, over-triggering materially increases the chance of accidental code deployment or disclosure to a third-party service.

Missing User Warnings

Medium (95% confidence)
Finding:
The instructions describe collecting an org ID and access token and using them to deploy code, but they do not explicitly warn the user that their code and deployment data will be transmitted to Deno's external service. In a skill whose primary purpose is publishing content online, omission of that disclosure undermines informed consent and can lead to unintended external sharing of sensitive material.

Missing User Warnings

Medium (88% confidence)
Finding:
The script prints the full deployment response JSON to stdout, which may include operational metadata and could expose sensitive values such as environment-variable names/values or internal deployment details depending on the API response schema. In agent or shared-terminal contexts, stdout is often logged, persisted, or shown to users, making accidental disclosure more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
