Index Cards

Security checks across malware telemetry and agentic risk

Overview

This card-sending skill mostly matches its purpose, but it needs review because it can automatically use a user's Gemini API key and has conflicting privacy wording around contact and address data.

Review before installing. Use it only if you are comfortable with recipient address and phone details being sent to Index Cards for delivery, and require explicit approval before the agent reads saved contacts or uses a Gemini API key that may send prompts to Google and consume your quota.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to use user-provided Gemini API keys from environment variables for image generation, which expands the skill's access beyond the declared Index Cards API purpose. This is dangerous because it encourages cross-service credential use and exfiltration of prompts/user content to a third-party provider not clearly disclosed in the primary workflow, creating scope creep and potential privacy/compliance issues.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The manifest says the skill works via the Index Cards API, but the implementation documentation silently routes image generation to Google's Gemini API when keys are present. This mismatch is dangerous because users and reviewers may believe data stays within Index Cards, while prompts and potentially user-supplied creative content are instead sent to an undeclared third party.

VirusTotal

63/63 vendors flagged this skill as clean.
