ClawHub

lessie

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate people and company research skill, but it gives an agent broad remote lookup and contact-enrichment authority with automatic package installation and persistent login state.

Install only if you are comfortable with an agent using a remote people-search service that may return personal contact details, log search queries, install external npm tooling, and cache an OAuth token locally. Require explicit approval before installing packages, opening login flows, using raw remote tool calls, enriching personal contacts, or fetching arbitrary URLs; use it only for lawful, consent-appropriate recruiting, sales, or research workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README foregrounds people search, contact enrichment, and web research capabilities without placing a clear privacy/safety warning near the main capability description. Because this skill is explicitly designed to retrieve personal contact data, the omission can encourage privacy-insensitive or non-compliant use and normalizes potentially invasive workflows.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill’s trigger description is extremely broad and instructs activation for almost any mention of finding contacts, researching people or companies, or gathering business intelligence. This can cause the agent to invoke external search/enrichment capabilities in situations where the user did not clearly request them, leading to unnecessary data disclosure, unintended third-party queries, and unexpected credit-consuming actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference explicitly instructs users to invoke remote tools and fetch the latest schemas from a server, but it does not warn that user-provided queries, identifiers, URLs, and other arguments will be transmitted to external services. In a people/company search and enrichment skill, those arguments can contain personal data, prospecting lists, or sensitive business intelligence, so omission of a disclosure meaningfully increases the risk of unintended data exfiltration or privacy violations.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The web-fetch example encourages fetching arbitrary URLs and supplying extraction instructions without noting that this contacts third-party sites and ingests untrusted remote content. In this skill's context, users may fetch personal profiles, company pages, or other external content, creating privacy, tracking, and untrusted-content risks if operators are not warned.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal