ClawHub Automation

Security checks across malware telemetry and agentic risk

Overview

This automation skill matches its stated purpose, but it can create and run cross-platform workflows that move files, send messages, export data, and expose logs without enough scoping or confirmation safeguards.

Review carefully before installing or using with real accounts. Use test accounts first, pin dependencies in an isolated environment, avoid printing or exporting tokens/logs, and add mandatory preview/approval plus destination allowlists before enabling workflows that send messages, upload/share files, create users, or export audit/business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The audit log query and export functions expose potentially sensitive compliance and user activity data without any authorization check. In a permission-management component, this allows any caller with access to the object or API surface to enumerate and exfiltrate audit data, which can reveal operational details, identifiers, and security-relevant events.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes automations that move WeChat files, chat records, and other user content across platforms, but it does not clearly warn that these workflows may process sensitive personal or corporate data. In a no-code automation skill, missing privacy and data-handling warnings can lead users to enable high-risk flows without understanding consent, minimization, retention, or cross-platform exposure implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples include chat-record backup and export of execution or audit logs, but the README does not warn that exported logs and backups may contain sensitive messages, identifiers, tokens, or business records. This increases the chance of unsafe deployment or misuse, especially because users may treat exported JSON/CSV/PDF artifacts as low-risk files when they can become a secondary data-leak channel.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example prints part of an authorization access token to stdout, which normalizes exposing credential material in logs, terminals, CI output, or screenshots. Even partial tokens can aid correlation, leak prefixes used in debugging, and encourage unsafe handling of secrets in downstream integrations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The generator automatically creates file sync/backup actions and marks them as critical, but it does not require explicit user confirmation, destination validation, or any safety warning before enabling potentially destructive or privacy-sensitive cross-platform transfers. In an automation skill that bridges WeChat, DingTalk, Feishu, WPS, and cloud storage, this increases the chance of unintended data exfiltration, oversharing, or replication of sensitive files due to ambiguous natural-language input.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When no specific action is recognized, the code falls back to a generic 'execute' action and marks it as critical, without explaining what will happen or constraining the behavior. A vague natural-language request could therefore produce a high-privilege, underspecified workflow step, which is especially risky in an automation system connected to multiple external platforms and files.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Exporting audit logs to an arbitrary file path writes sensitive activity records to disk with no access control, destination validation, or disclosure/consent flow. In an automation skill context, this increases the risk of silent data exfiltration, insecure local persistence, and accidental placement of compliance data in broadly accessible locations.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pyyaml>=6.0
python-dateutil>=2.8.0
schedule>=1.2.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pyyaml>=6.0
python-dateutil>=2.8.0
schedule>=1.2.0
Confidence
98% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pyyaml>=6.0
python-dateutil>=2.8.0
schedule>=1.2.0
Confidence
93% confidence
Finding
python-dateutil>=2.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pyyaml>=6.0
python-dateutil>=2.8.0
schedule>=1.2.0
Confidence
91% confidence
Finding
schedule>=1.2.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
85% confidence
Finding
requests

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.