Parcel Station Chat

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent courier-station chatbot template, but it handles shipment personal data and exposes package management/listing features without documented access controls or privacy safeguards.

Review before installing or using this as a deployable template. It is acceptable for a local prototype; before real station use:
  • add authentication and authorization to the admin and package APIs, and keep management endpoints off the public internet;
  • send the AI provider only the fields a reply needs, not raw package records or full OCR output;
  • document consent and privacy handling for the customers whose data the bot processes;
  • define retention and deletion rules for package records and chat history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The skill processes waybill images, package lookup data, chat messages, and session history, which can contain personal data such as names, phone fragments, tracking numbers, and logistics details. Describing OCR/chat handling without any privacy notice, minimization guidance, retention limits, or consent considerations creates a realistic risk of collecting and transmitting sensitive user data to AI services without adequate safeguards.
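The minimization the Overview and this finding call for, as an added example rather than code from the Parcel Station Chat skill: before any OCR text or chat message goes to the AI provider, tracking numbers are swapped for keyed tokens the station can map back locally, phone numbers are replaced outright, and a stored package record is reduced to an allowlist of fields. The tracking-number and phone formats, the field names and the key are constructed assumptions for the illustration. Names and addresses are not pattern-matched at all; that is why the record projection is an allowlist rather than a blocklist, and why regex redaction of free text should be treated as best-effort.

```python
"""Minimize shipment data before it is sent to the AI provider.
Added example, not code from the Parcel Station Chat skill. It assumes the
skill holds free text (waybill OCR output or a chat message) plus a package
record dict; the tracking-number and phone-number formats matched below are
constructed assumptions for the illustration, not the skill's real formats."""
import hashlib
import hmac
import re

# One combined pattern, applied in a single pass so a token inserted for a
# tracking number is never re-scanned as if it were a phone number.
# Constructed formats: two-letter carrier prefix + 9-13 digits; 10-11 digit
# phone numbers with optional separators. Tune to the carriers you serve.
SENSITIVE_RE = re.compile(
    r"(?P<trk>\b[A-Z]{2}\d{9,13}\b)"
    r"|(?P<phone>(?<!\d)\d{3}[- ]?\d{3,4}[- ]?\d{4}(?!\d))"
)

# The only record fields the chatbot needs for "where is my parcel" answers.
# Recipient name, phone and address never leave the station.
AI_ALLOWED_FIELDS = ("tracking_token", "carrier", "shelf", "status")


def tracking_token(tracking_no, key):
    """Keyed pseudonym: stable within one station so the model can refer to
    the parcel consistently, but not reversible by the provider."""
    digest = hmac.new(key, tracking_no.encode(), hashlib.sha256).hexdigest()
    return "TRK-" + digest[:10]


def minimize_text(text, key):
    """Replace tracking numbers with tokens (restorable locally) and phone
    numbers with a fixed placeholder (never restored; the model does not need
    them). Returns (safe_text, token_map)."""
    token_map = {}

    def _sub(match):
        if match.lastgroup == "trk":
            token = tracking_token(match.group(0), key)
            token_map[token] = match.group(0)
            return token
        return "[phone]"

    return SENSITIVE_RE.sub(_sub, text), token_map


def restore_tokens(reply, token_map):
    """Put the real tracking numbers back into the model's reply, locally,
    after the provider call."""
    for token, original in token_map.items():
        reply = reply.replace(token, original)
    return reply


def project_record(record, key):
    """Allowlist projection of a stored record for the prompt: anything not in
    AI_ALLOWED_FIELDS is dropped, so new sensitive fields are safe by default."""
    fields = dict(record, tracking_token=tracking_token(record["tracking_no"], key))
    return {k: fields[k] for k in AI_ALLOWED_FIELDS if k in fields}


if __name__ == "__main__":
    key = b"station-local-secret"  # assumption: from local config, never sent to the provider
    # Constructed sample chat text and package record.
    msg = "Parcel SF1234567890123 for Zhang Wei, call 138-0013-8000, it is on shelf B12"
    record = {"tracking_no": "SF1234567890123", "recipient": "Zhang Wei",
              "phone": "13800138000", "address": "Bldg 3, Unit 2",
              "carrier": "SF", "shelf": "B12", "status": "arrived"}
    safe, tokens = minimize_text(msg, key)
    print(safe)
    print(project_record(record, key))
    print(restore_tokens("Your parcel " + next(iter(tokens)) + " is on shelf B12.", tokens))
```

The token map lives only for the duration of one request and is never logged; if chat history is persisted, store the minimized text rather than the original so the retention rules below have less to delete.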

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
The skill encourages storing package records in a local JSON database and exposing package-listing/management functionality, but does not mention authentication, authorization, or privacy protections. In this context, package records likely contain personal and shipment information, so undocumented storage and listing endpoints increase the chance of accidental data exposure or insecure default deployments.
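Authentication, authorization and retention for the JSON store this finding and the Overview describe, as an added example rather than the skill's own code. It assumes one JSON file, staff bearer tokens issued by the station, and a pickup code printed on the shelf slip; all token values, field names and the 30-day retention period are assumptions. The listing endpoint is staff-only, a customer lookup needs tracking number plus pickup code and returns only carrier, shelf and status, and a purge routine enforces the retention rule.

```python
"""Authorization and retention for the skill's local JSON package store.
Added example, not the skill's own code. Assumes one JSON file, staff bearer
tokens issued by the station, and a pickup code printed on the shelf slip;
every token value, field name and the retention period are assumptions."""
import hmac
import json
import os
import tempfile
import time
from typing import NamedTuple

STAFF_TOKENS = {"c0ffee-staff-token": "alice"}  # assumption: loaded from config outside the repo

class Principal(NamedTuple):
    subject: str
    role: str  # "staff" or "customer"

class Forbidden(Exception):
    """Any request the caller is not allowed to make."""

def authenticate(bearer):
    """Unknown or missing tokens become an anonymous customer (lookup only)."""
    for token, staff in STAFF_TOKENS.items():
        if bearer and hmac.compare_digest(token.encode(), bearer.encode()):  # constant-time
            return Principal(staff, "staff")
    return Principal("anonymous", "customer")

class PackageStore:
    # What a customer gets back: no recipient name, phone, address or pickup code.
    CUSTOMER_FIELDS = ("tracking_no", "carrier", "shelf", "status")

    def __init__(self, path, retention_days=30):
        self.path, self.retention_s = path, retention_days * 86400
        if not os.path.exists(path):
            self._save([])

    def _load(self):
        with open(self.path) as f:
            return json.load(f)

    def _save(self, records):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(records, f)
        os.replace(tmp, self.path)  # atomic replace: a crash never truncates the DB

    def add(self, caller, record, now=None):
        if caller.role != "staff":
            raise Forbidden("only staff can register packages")
        records = self._load()
        records.append(dict(record, arrived_at=time.time() if now is None else now))
        self._save(records)

    def list_all(self, caller):
        """The management/listing endpoint: staff only, never the public."""
        if caller.role != "staff":
            raise Forbidden("listing all packages requires a staff token")
        return self._load()

    def lookup(self, caller, tracking_no, pickup_code):
        """The tracking number is printed on the parcel, so customers must also
        present the pickup code; the error is the same for a wrong number or code."""
        for rec in self._load():
            if rec["tracking_no"] == tracking_no and (
                caller.role == "staff"
                or hmac.compare_digest(rec["pickup_code"].encode(), str(pickup_code).encode())
            ):
                return {k: rec[k] for k in self.CUSTOMER_FIELDS}
        raise Forbidden("no parcel matches that tracking number and pickup code")

    def purge_expired(self, now=None):
        """Retention rule: drop records older than retention_days, counted from
        pickup if collected, else from arrival. Returns the number dropped."""
        now = time.time() if now is None else now
        records = self._load()
        keep = [r for r in records
                if now - r.get("picked_up_at", r["arrived_at"]) < self.retention_s]
        self._save(keep)
        return len(records) - len(keep)

def demo():
    """Exercise the checks on a throwaway store and return the outcomes."""
    store = PackageStore(os.path.join(tempfile.mkdtemp(), "packages.json"))
    staff, anon = authenticate("c0ffee-staff-token"), authenticate(None)
    t0 = 1_700_000_000  # constructed arrival timestamp
    store.add(staff, {"tracking_no": "SF1234567890123", "carrier": "SF", "shelf": "B12",
                      "status": "arrived", "recipient": "Zhang Wei", "phone": "13800138000",
                      "pickup_code": "4471"}, now=t0)
    out = {"staff_count": len(store.list_all(staff))}
    for key, call in (("anon_list", lambda: store.list_all(anon)),
                      ("wrong_code", lambda: store.lookup(anon, "SF1234567890123", "0000")),
                      ("good_code", lambda: store.lookup(anon, "SF1234567890123", "4471"))):
        try:
            out[key] = call()
        except Forbidden as e:
            out[key] = "forbidden: " + str(e)
    out["purged_day10"] = store.purge_expired(now=t0 + 10 * 86400)
    out["purged_day31"] = store.purge_expired(now=t0 + 31 * 86400)
    return out
```

Whatever HTTP framework the skill is deployed behind, the same three checks apply: resolve the bearer token to a principal before touching the store, refuse listing for anyone who is not staff, and run `purge_expired` on a schedule rather than trusting operators to delete records by hand.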

VirusTotal

65/65 vendors reported this skill as clean. A clean antivirus verdict covers known malware signatures only; it says nothing about the access-control and privacy gaps noted above.
