ClawHub

Delivery Queue

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a coherent message-delivery scheduler, but it can store and send real outbound messages without enough visible privacy and confirmation guardrails.

Install only if you are comfortable with a local queue that may store phone numbers and message text and can send queued messages. Review the queue files, confirm every recipient and message before running any flush/send command, and avoid sensitive or regulated content unless storage permissions, retention, deletion, and delivery safeguards are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes commands to queue outbound messages and to immediately send all pending messages via `deliver:flush`, but it does not clearly warn users that it can autonomously transmit messages on their behalf. This creates a meaningful safety risk because a user may invoke the skill without understanding that it can trigger real outbound communications, including bulk immediate sends, which can cause spam, reputational harm, or unintended disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description discusses scheduling deliveries to phone numbers and drip campaigns, which implies retention of recipient contact details and message bodies, yet it provides no warning that this data will be stored for delayed sending. That omission is dangerous because users may unknowingly place sensitive contact information and message content into a queue, increasing privacy, compliance, and unauthorized-disclosure risk if the queue is accessed or mishandled.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script stores recipients and message contents in plaintext JSON files under a user directory, which can expose sensitive communications data to other local users, backups, malware, or forensic recovery if filesystem permissions are weak or the host is shared. In a messaging queue context, this increases the risk because the stored data may include private contact information and message bodies, and the script provides no warning, retention control, or hardening around this storage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal