Straker Verify - AI Translation & Human Review

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Straker Verify API helper that sends user-selected translation content to Straker for processing.

Install only if you are comfortable sending selected text, files, and related project metadata to Straker Verify. Do not submit secrets, regulated data, or confidential customer documents unless your organization has approved Straker for that use, and keep the STRAKER_VERIFY_API_KEY scoped and protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill clearly instructs users to submit text and files to Straker's external API, but it does not prominently warn that user-provided content will leave the local environment and be processed by a third party. This creates a meaningful privacy and data-handling risk, especially if users provide sensitive documents under the assumption that the assistant operates locally or only within their primary platform.

External Transmission

Medium
Category
Data Exfiltration
Content
All requests (except `/languages`) require Bearer token authentication:

```bash
curl -H "Authorization: Bearer $STRAKER_VERIFY_API_KEY" https://api-verify.straker.ai/endpoint
```

### Get Available Languages
Confidence
90% confidence
Finding
curl -H "Authorization: Bearer $STRAKER_VERIFY_API_KEY" https://api-verify.straker.ai/endpoint ``` ### Get Available Languages ```bash curl https://api-verify.straker.ai/languages ``` Returns a lis

VirusTotal

61/61 vendors flagged this skill as clean.
