Auto Tech Research

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it claims live browser research, can use logged-in Chrome sessions, and its bundled script generates synthetic reports with fake example.com sources.

Install only after reviewing the artifacts carefully. Prefer a public, clean browser profile, avoid chrome-relay unless you explicitly approve a named logged-in site, and do not treat generated reports as verified research until the implementation is changed to fetch and validate real sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: High. Confidence: 98%.

The skill metadata claims real browser-driven multi-platform research through Chrome DevTools, but this code only fabricates results from templates and emits fake example.com URLs. In an agent setting, this is dangerous because users and downstream systems may trust the output as if it were grounded in real web research, leading to deceptive decisions, citation laundering, or automation built on false evidence.

Intent-Code Divergence

Severity: Medium. Confidence: 93%.

The inline comment explicitly states the search is simulated and should call a real API, confirming a mismatch between implementation and advertised behavior. This increases the risk that maintainers ship or enable the skill in production despite knowing it is non-functional, causing silent integrity failures rather than obvious crashes.

Description-Behavior Mismatch

Severity: Medium. Confidence: 91%.

The manifest promises HTML output and transparent per-platform success/failure status, but the implementation writes Markdown and only prints simple counts. This is a security-relevant integrity issue because callers may parse the output as structured verified research while missing failure states and source reliability information needed for safe automation.

Missing User Warnings

Severity: Medium. Confidence: 86%.

The overview explicitly describes automated multi-platform network retrieval, optional full-text fetching, and output file generation, but does not disclose these side effects to the end user at the point of use. In an agent skill, undisclosed external access and local artifact creation can surprise users, violate expectation boundaries, and increase the risk of unintended data handling or persistence.

Vague Triggers

Severity: Medium. Confidence: 86%.

The trigger phrases are generic enough that normal conversation about researching or analyzing a technology could unintentionally activate the skill. In an agent environment that can drive a browser and collect data across many platforms, accidental invocation can lead to unnecessary browsing, data collection, and report generation without clear user intent.

Missing User Warnings

Severity: Medium. Confidence: 92%.

The README describes extensive multi-platform collection and saved report generation, but does not prominently warn about the scope of browsing, external site access, and artifact creation. Users may not realize the skill will automate searches across many services and persist gathered results, which increases privacy, consent, and operational risk.

Missing User Warnings

Severity: Medium. Confidence: 94%.

The skill explicitly contemplates using the user's logged-in Chrome profile via chrome-relay to access sites, but it does not provide a strong user-facing consent and privacy boundary. This is dangerous because browser automation operating in an authenticated session can access personalized data, session-scoped content, and potentially perform unintended actions if navigation or page interaction logic is broadened or compromised.

VirusTotal

67/67 vendors flagged this skill as clean.
