Idle Web Developer

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a website builder/deployer, but it stores deployment credentials for reuse and can publish sites with privacy and data-collection behavior users should review first.

Review before installing. Use a least-privileged Vercel token, avoid storing secrets you do not need, do not provide Supabase service-role keys, and inspect or delete .skill-config when done. Use --skip-deploy or manual review before publishing each generated site, and update any generated privacy/waitlist copy if analytics or email collection is enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill markets itself as a simple website builder, but it also solicits deployment, analytics, and database-related credentials and persists them locally. That mismatch reduces informed consent and can cause users to provide sensitive tokens without fully understanding they will be stored, baked into builds, and used for third-party integrations.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The onboarding flow requests and persists third-party credentials and configuration in a reusable local file, increasing the blast radius if the workstation or skill directory is compromised. Even when some values are optional, centralizing multiple service secrets and identifiers in a plaintext config materially increases exposure risk.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation claims Google credentials are a prerequisite for analytics, but the injected client code only needs the GA measurement ID. This creates misleading trust boundaries and may cause users to disclose or persist credential paths that are unnecessary, expanding the perceived authority of the skill without technical justification.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The generated landing page promises 'Your data stays yours. No tracking, no selling, no surprises.' while the script conditionally injects Google Analytics and sends page_view events. This is a deceptive privacy claim that can mislead users and expose the operator to consent, compliance, and consumer-protection risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The deployment guidance explicitly exports Supabase and analytics values into the Vite build so they are baked into client-side assets, but the skill does not clearly warn that these values become part of the shipped front-end bundle. This is dangerous because users may misunderstand which values are public-by-design versus secret, leading to accidental exposure of sensitive configuration in deployed static files.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The generated site can collect waitlist emails and analytics data without presenting any notice, consent flow, or privacy disclosure in the output. Even if the collected data is limited, silently transmitting identifiers and contact information creates privacy and regulatory exposure.

Session Persistence

Medium
Category
Rogue Agent
Content
### Onboarding Wizard

Ask the user each question in order. Collect the answers, then write them all to `.skill-config` at the end. Present each question clearly — one at a time, conversationally.

---
Confidence
91% confidence
Finding
write them all to `.skill-config` at the end. Present each question clearly — one at a time, conversationally. --- #### Step A — Vercel Token (required) > "To deploy your sites, I need your Vercel

VirusTotal

48/48 vendors flagged this skill as clean.
