ClawHub

Xtoys.app Webhook Controller

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls xtoys.app intimate devices by webhook, but it gives an agent direct physical-control authority without enough safety gating and its advertised stop tool may not actually stop an active device.

Review carefully before installing. Use only with explicit, current consent from every affected person, keep the webhook ID private like a password, and do not rely on the provided stop/test tools as safe emergency controls unless the implementation is fixed and verified. Prefer a version that requires confirmation for every non-zero action, clearly scopes credential storage, documents that webhook calls are remote physical-control actions, and pins reviewed dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This skill controls intimate devices remotely via webhook, but the usage section does not prominently warn that commands and identifiers are transmitted over a network connection. In this context, missing disclosure is more dangerous than usual because users may not appreciate that sensitive control actions and the webhook ID are remote-control secrets whose exposure or interception could enable unauthorized device activation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This tool exposes commands that can immediately control stimulation of connected intimate devices, but the descriptions do not clearly warn that invoking the tool causes real-world physical actuation. In an agent setting, weak disclosure increases the chance of accidental invocation, misunderstood consent boundaries, or unsafe automated use, which is more serious here because the actions affect a person's body rather than only software state.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
urllib3>=1.26.0
Confidence
97% confidence
Finding
requests>=2.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
urllib3>=1.26.0
Confidence
97% confidence
Finding
urllib3>=1.26.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
urllib3

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal