ClawHub

Windsensei

Security checks across malware telemetry and agentic risk

Overview

WindSensei is a disclosed wind-sports forecast integration with optional account features and user-requested calendar actions, with no evidence of hidden execution or malicious behavior.

Install if you want WindSensei forecast help. Add the API key only if you want personalized forecasts, favorites, history, or social/live-session features, and prefer Bearer-token use rather than putting keys in URLs. Review any proposed calendar events, times, time zones, and locations before letting the agent create them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation examples are broad enough to match generic weather requests like 'How's the wind?' or 'wind report' without requiring explicit wind-sports intent. That can cause the skill to be invoked in situations where the user did not intend to access this third-party service, increasing the chance of unnecessary data sharing, mistaken tool use, or user confusion about why a niche skill was selected.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs the agent to create calendar events from forecast blocks, but it does not require explicit confirmation immediately before modifying the user's calendar. In an agentic environment, that creates a risk of unintended state-changing actions from ambiguous requests like 'block off the good times,' potentially causing unwanted calendar changes and loss of user trust.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal