Universal Notify

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends user-provided notifications to selected external services and shows no hidden persistence or destructive behavior.

Install only if you are comfortable sending notification text to the selected services. Use trusted endpoints, avoid placing secrets or sensitive personal/internal data in messages, protect tokens passed on the command line, and prefer approved or self-hosted channels for sensitive alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill advertises and demonstrates shell-based execution via `scripts/notify.sh`, but no corresponding permissions are declared. That creates a mismatch between documented behavior and declared capabilities, which can lead users or enforcement systems to underestimate what the skill can do, especially since it sends data to external destinations. In this context, the shell capability is central to the skill and should be explicitly declared so execution risk is visible and reviewable.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill is specifically designed to send messages, URLs, tokens, email parameters, and other potentially sensitive content to third-party services such as ntfy.sh, Telegram, Pushover, webhooks, and SMTP servers, yet it provides no privacy or data-handling warning. Users may unknowingly transmit secrets, internal alerts, personal data, or credentials to external systems, some of which are public or operated by third parties. Because exfiltration is a core function of the skill, the absence of a clear warning materially increases the risk of accidental data disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.
