Scouts Ai Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward web-search helper that discloses its use of curl and an external SCOUTS-AI HTTPS endpoint, with privacy cautions and no hidden persistence or credential use.

Install only if you are comfortable with search queries being sent to scouts-ai.com. Do not use it for prompts containing secrets, credentials, private code, internal hostnames, personal data, or confidential project details unless those details have been removed first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill explicitly instructs use of the host's exec tool and curl, which are shell/network-capable behaviors, yet no declared permissions are provided. This creates a transparency and policy-enforcement gap: a host may not realize the skill can execute commands and transmit user-derived data off-box, increasing the chance of unintended execution in a more privileged environment.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README instructs the agent to send rewritten user questions to a third-party public search API, but it does not explicitly warn that query contents leave the host and may contain sensitive user data if the agent reformulates prompts incautiously. In an agent-skill context, this omission matters because users and integrators may assume a local-only capability unless outbound data sharing is clearly disclosed.

External Transmission

Medium
Category: Data Exfiltration
Content
## How to call

Use `curl` via `exec`. Let curl URL-encode the query with `--data-urlencode`;
do not shell-escape it manually. Always capture the HTTP status and response
headers so you can honour rate limits and surface upstream errors. Use a
per-call temp dir with restricted permissions and clean it up when the call
Confidence: 92%
Finding
curl URL-encode the query with `--data-urlencode`; do not shell-escape it manually. Always capture the HTTP status and response headers so you can honour rate limits and surface upstream errors. Use a

VirusTotal

65/65 vendors flagged this skill as clean.
