ClawHub

Clawprompt

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local teleprompter skill, with reasonable cautions around LAN access, browser-stored scripts, and a third-party QR fallback.

Install only if you are comfortable running a local web server for the teleprompter. Use it on trusted Wi-Fi, stop the server when done, avoid highly confidential scripts on shared networks, and clear browser site data if you do not want script text saved locally. The external QR fallback is worth removing or disclosing in a future version, but it does not change the current verdict by itself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
When the local QR endpoint fails, the page sends the remote-control URL to a third-party QR generation service. This creates an undeclared dependency and leaks connection metadata to an external party, which is unnecessary for core teleprompter operation and could expose private/internal host information.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The fallback request to api.qrserver.com transmits the generated remote URL off-device even though the skill's stated purpose is a teleprompter with phone pairing, not third-party sharing. In this context, the QR code may encode a LAN or otherwise sensitive host address, so the external transmission expands the attack surface without clear necessity.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The page automatically opens a WebSocket and supports full remote text upload and teleprompter control, but the UI does not clearly warn users that their script content will be synchronized to other connected devices. For a teleprompter, scripts may contain unpublished or sensitive content, so undisclosed syncing can cause confidentiality and integrity issues if unauthorized devices connect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal