user-test-toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate user-testing toolkit, but it can collect and send detailed behavior and survey data without built-in privacy controls.

Install only if you intend to add behavioral analytics and surveys to a test site. Before using it with real users, add a clear privacy notice or consent step, restrict collection to non-sensitive pages, use a trusted HTTPS endpoint, avoid collecting filenames and free text unless necessary, and define retention/deletion rules for the collected data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code actively rewrites same-origin links to append uid, test, and multiple survey-related parameters, which goes beyond passive analytics and changes application behavior. This can propagate identifiers across pages, increase unintended tracking scope, and leak experiment/survey state via shared URLs, browser history, referrers, screenshots, or copied links.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README markets full-session sensing of user actions, hesitation, confusion, and emotion, but does not mention notice, consent, retention, or privacy safeguards. In a tracking/survey toolkit context, this omission can lead adopters to deploy invasive telemetry without informing end users, creating privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The integration snippet tells users to include tracker and survey scripts, while the module table later notes a configurable endpoint, but the setup steps do not warn that telemetry may be transmitted off-page. This makes silent data exfiltration-by-configuration more likely because integrators may copy-paste the setup without understanding network, privacy, or security implications.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly promotes broad collection of user behavior, hesitation, confusion signals, heat zones, questionnaires, and server-side reporting, but provides no user-facing consent, notice, minimization, or retention guidance. In a web context, this can lead operators to deploy invasive telemetry that captures sensitive behavioral and free-text data without adequate privacy controls.

Missing User Warnings

High
Confidence
96% confidence
Finding
The examples normalize sending detailed event streams to an arbitrary endpoint with no warning about transport security, authentication, data classification, or user consent. This makes unsafe deployment easy and encourages operators to centralize rich interaction data in ways that could expose personal or sensitive information if the endpoint is misconfigured or compromised.

Missing User Warnings

High
Confidence
97% confidence
Finding
The event catalog includes potentially sensitive fields such as URL, referrer, error details, selectors, input lengths, file metadata, tab activity, behavioral timing, and survey responses, yet the documentation offers no minimization boundaries or warning that these may contain personal, confidential, or regulated data. Collecting this level of detail can enable deanonymization, session reconstruction, and leakage of user content or internal application structure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script collects detailed telemetry, ratings, timestamps, and free-text responses, then records and flushes them through `UserTestTracker` without presenting any privacy notice, consent flow, or data-use disclosure in this file. In a user-testing context this can expose personal or sensitive information users type into comments and feedback fields, creating privacy/compliance risk and unintended data collection.

Missing User Warnings

High
Confidence
96% confidence
Finding
The tracker batches and transmits detailed behavioral telemetry to a configurable remote endpoint, including full URL, referrer, timing, interaction sequence, and session identifiers, without any visible notice, consent, minimization, or endpoint restrictions in this file. In skill context, this is more dangerous because it is designed for broad page-wide monitoring and can silently exfiltrate sensitive user behavior to any configured destination.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script records file-selection metadata and input/survey interaction details without visible user warning or consent. Even without file contents, filenames, MIME types, sizes, and response data can reveal sensitive personal or business information, and this tracker is broad enough to capture such data across the site.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The spec explicitly stores survey state in sessionStorage under a key derived from a user identifier (`sv_state_{uid}`), but it does not mention any user notice, consent, retention policy, or minimization of the identifier. Even though sessionStorage is scoped to the browser tab/session, tying stored state directly to a UID creates avoidable privacy and tracking risk, especially if the UID is stable, sensitive, or reused across workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The spec describes telemetry being sent to a remote endpoint via sendBeacon/fetch, including detailed interaction and page-context data, but does not mention notice, consent, minimization, or transmission safeguards. In context, this can enable covert behavioral monitoring and privacy violations, especially because the API exposes user/session identifiers and automatic event capture.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented fields include user ID, session ID, URL/referrer, file metadata, survey answers, and detailed behavioral events, which together can reveal identity, workflow, and potentially sensitive user content. In a tracking library context this is more dangerous because the API is expressly designed to centralize and transmit comprehensive user telemetry without any documented sensitivity boundaries or redaction rules.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill describes centralizing detailed interaction and feedback data, including open-ended comments, without defining scope limits or excluding sensitive content. Free-text feedback especially increases the chance of collecting PII, credentials, health/financial data, or confidential business information that users may enter unintentionally.

Ssd 3

Medium
Confidence
90% confidence
Finding
The workflow encourages generating per-user test links and aggregating complete behavioral timelines, milestone funnels, and open feedback, which creates a clear semantic data-leak and re-identification risk. Because the skill is specifically designed for real user testing in production-like flows, the context makes the privacy impact more dangerous, not less.

VirusTotal

65/65 vendors flagged this skill as clean.
