SEO Backlink Submitter

Security checks across malware telemetry and agentic risk

Overview

The skill’s backlink-submission purpose is mostly disclosed, but it automatically submits website and email details to third-party sites with too little user review, and its quick-submit script (quick_submit.py) does not take the explicit, user-provided target and data that its purpose implies.

Review before installing or running. Start with the check-only mode, manually limit the directory list, use a dedicated rather than a personal email address, and do not run quick_submit.py unless it has been fixed to accept an explicit user-provided target and data. Expect any live run to send your site details and contact email to external websites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly invokes Python scripts that read local files, write JSON results, and perform network requests, yet it declares no permissions or user-facing capability boundaries. This creates a mismatch between what the skill appears authorized to do and what it actually instructs an agent to do, increasing the chance of silent file and network access without informed consent or policy enforcement.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code makes outbound HTTPS requests with `ssl=False`, which disables TLS certificate verification for every directory check. Without verification, a man-in-the-middle attacker can intercept or tamper with responses, causing the tool to misclassify directories or to consume attacker-controlled HTML in later automation steps. In this skill context the risk is elevated because the script's results decide which third-party sites will later be visited and submitted to automatically, so a tampered response steers the browser automation toward an attacker's page.
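The two findings above (undeclared capabilities, and `ssl=False` on every request) can both be checked before the skill ever runs. The following is an added example, not code from the skill or from SkillSpector: it walks a script's AST to collect the capabilities it actually uses (network, file read/write, environment access, subprocess), compares them with a declared permission set, flags keyword arguments that disable certificate verification (`ssl=False` for aiohttp, `verify=False` for requests), and shows the corrected form, a default verifying `SSLContext`. The sample script and the empty manifest are constructed to resemble what the findings describe; the module names and permission labels are assumptions, not the skill's own.

```python
"""Added example: static capability and TLS-bypass check for a skill's Python scripts."""
import ast
import ssl
from typing import Dict, List, Set

# Constructed sample script shaped like the one the findings describe:
# reads local files, writes JSON results, reads an env var, and calls
# session.get(..., ssl=False). Not the skill's real source.
SAMPLE_SCRIPT = '''
import json, os
import aiohttp

async def check(session, url):
    # ssl=False disables certificate verification (the finding above)
    async with session.get(url, ssl=False) as resp:
        return resp.status, await resp.text()

async def main():
    token = os.environ.get("API_TOKEN")
    with open("directories.txt") as f:
        sites = [line.strip() for line in f]
    async with aiohttp.ClientSession() as session:
        results = []
        for site in sites:
            results.append(await check(session, site))
    with open("results.json", "w") as out:
        json.dump(results, out)
'''

# Constructed manifest: the skill declares no permissions at all.
DECLARED_PERMISSIONS: Set[str] = set()

# Assumed mapping of imported modules to a capability label.
NETWORK_MODULES = {"aiohttp", "requests", "httpx", "urllib", "socket", "playwright"}


class CapabilityVisitor(ast.NodeVisitor):
    """Collects capability labels and the line numbers of TLS-verification bypasses."""

    def __init__(self) -> None:
        self.capabilities: Set[str] = set()
        self.tls_bypass_lines: List[int] = []

    def _module(self, name: str) -> None:
        root = name.split(".")[0]
        if root in NETWORK_MODULES:
            self.capabilities.add("network")
        if root == "subprocess":
            self.capabilities.add("subprocess")

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            self._module(alias.name)
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module:
            self._module(node.module)
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        # open(path) is a read; open(path, "w"/"a"/"x"/"+") is a write.
        if isinstance(node.func, ast.Name) and node.func.id == "open":
            mode = "r"
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = str(node.args[1].value)
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = str(kw.value.value)
            self.capabilities.add("file_write" if any(c in mode for c in "wax+") else "file_read")
        # ssl=False (aiohttp) or verify=False (requests) turns off certificate checks.
        for kw in node.keywords:
            if kw.arg in ("ssl", "verify") and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                self.tls_bypass_lines.append(node.lineno)
        self.generic_visit(node)

    def visit_Attribute(self, node: ast.Attribute) -> None:
        # os.environ / os.getenv: environment variable access.
        if isinstance(node.value, ast.Name) and node.value.id == "os" and node.attr in ("environ", "getenv"):
            self.capabilities.add("env_read")
        self.generic_visit(node)


def scan_script(source: str) -> Dict[str, object]:
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source))
    return {"capabilities": visitor.capabilities, "tls_bypass_lines": visitor.tls_bypass_lines}


def undeclared(used: Set[str], declared: Set[str]) -> Set[str]:
    """Capabilities the scripts use that the manifest never declared."""
    return used - declared


def verifying_ssl_context() -> ssl.SSLContext:
    """The corrected form: pass this context (ssl=ctx) instead of ssl=False."""
    return ssl.create_default_context()


def tls_context_is_verifying(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    report = scan_script(SAMPLE_SCRIPT)
    print("uses:", sorted(report["capabilities"]))
    print("undeclared:", sorted(undeclared(report["capabilities"], DECLARED_PERMISSIONS)))
    print("TLS verification disabled at lines:", report["tls_bypass_lines"])
    print("default context verifies:", tls_context_is_verifying(verifying_ssl_context()))
```

Run it against each script in the skill before enabling it; any non-empty `undeclared` set is the Lp3 mismatch, and any entry in `tls_bypass_lines` is the `ssl=False` finding. The check is syntactic, so it will miss verification disabled through a custom `SSLContext` with `check_hostname = False`; treat it as a first pass, not proof of absence.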

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill automates submission of site metadata and contact email to multiple third-party directories, but it does not prominently warn that external services will receive this data or that browser automation will perform live submissions. In context, this is more dangerous because the skill is specifically designed for batch transmission to many unrelated sites, amplifying privacy, compliance, and unintended-spam risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script automatically submits user-provided data to third-party websites after heuristic form detection, with no final per-site confirmation, no preview of what will be sent, and no domain allowlist. In this skill context the behavior is more dangerous because the whole purpose is mass interaction with untrusted external directories, so a misclassified page, a deceptive form, or an unexpected field can cause unwanted disclosure of contact information and accidental submissions to arbitrary sites.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically clicks submit controls on third-party sites and may perform irreversible external actions without any explicit user confirmation, preview, or per-site review. In this skill context, the entire purpose is bulk directory submission, which makes the behavior more dangerous because it can create unintended listings, violate site terms, trigger anti-spam controls, or submit inaccurate data at scale.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script populates and sends product name, URL, description, and email address to external websites without any disclosure, consent checkpoint, or data-handling notice. In a backlink-submission skill, outbound sharing is expected functionally, but that context does not remove the risk: the automation can send personal or business contact data to multiple untrusted third parties without verifying their legitimacy or informing the operator of the privacy implications.
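The four Missing User Warnings findings describe the same gap from different angles: nothing stands between heuristic form detection and the click on submit. The block below is an added example of the missing gate, not code from the skill. It takes the planned submissions (target URL plus the fields form detection decided to fill), enforces a domain allowlist and an HTTPS-only rule, renders a preview of exactly what would go to which host, flags a personal (free-mail) contact address, and calls a per-site confirmation callback before the submit function runs; `dry_run=True` is the check-only mode the overview recommends and submits nothing. The sample plans, the allowlist, the free-mail list and the `confirm`/`submit` callbacks are constructed for the example.

```python
"""Added example: allowlist, preview and per-site confirmation gate for bulk directory submission."""
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.parse import urlsplit


@dataclass
class SubmissionPlan:
    target_url: str          # directory page the automation would submit to
    fields: Dict[str, str]   # what heuristic form detection decided to fill in


@dataclass
class Decision:
    target_url: str
    action: str              # submitted | dry_run | skipped_not_allowlisted | skipped_not_https | skipped_by_user
    preview: str


# Constructed sample data, not the skill's directory list.
ALLOWLIST = ["dir-a.example", "dir-b.example"]
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed list of personal-mail providers
SAMPLE_PLANS = [
    SubmissionPlan("https://submit.dir-a.example/add",
                   {"name": "My Site", "url": "https://mysite.example", "email": "hello@mysite.example"}),
    SubmissionPlan("https://dir-b.example/form",
                   {"name": "My Site", "url": "https://mysite.example", "email": "me@gmail.com"}),
    SubmissionPlan("https://evil.example/login",
                   {"name": "My Site", "url": "https://mysite.example", "email": "hello@mysite.example"}),
    SubmissionPlan("http://dir-a.example/add",
                   {"name": "My Site", "url": "https://mysite.example", "email": "hello@mysite.example"}),
]


def _host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def in_allowlist(url: str, allowlist: List[str]) -> bool:
    """Exact host or subdomain match only; no wildcard or substring matching."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in allowlist)


def preview(plan: SubmissionPlan) -> str:
    """Human-readable statement of what would be sent where, for the operator to approve."""
    lines = [f"Target: {plan.target_url} (host {_host(plan.target_url)})"]
    for key, value in sorted(plan.fields.items()):
        lines.append(f"  {key} = {value!r}")
    email = plan.fields.get("email", "")
    if "@" in email and email.rsplit("@", 1)[1].lower() in FREEMAIL_DOMAINS:
        lines.append("  WARNING: contact email looks like a personal address")
    return "\n".join(lines)


def gate_submissions(plans: List[SubmissionPlan], allowlist: List[str],
                     confirm: Callable[[str], bool], submit: Callable[[SubmissionPlan], None],
                     dry_run: bool = False) -> List[Decision]:
    """Only allowlisted HTTPS targets that the operator confirms individually reach submit()."""
    decisions: List[Decision] = []
    for plan in plans:
        text = preview(plan)
        if not in_allowlist(plan.target_url, allowlist):
            decisions.append(Decision(plan.target_url, "skipped_not_allowlisted", text))
        elif urlsplit(plan.target_url).scheme != "https":
            decisions.append(Decision(plan.target_url, "skipped_not_https", text))
        elif dry_run:
            decisions.append(Decision(plan.target_url, "dry_run", text))
        elif not confirm(text):
            decisions.append(Decision(plan.target_url, "skipped_by_user", text))
        else:
            submit(plan)
            decisions.append(Decision(plan.target_url, "submitted", text))
    return decisions


def run_demo(dry_run: bool = False):
    """Runs the gate over the constructed plans; returns (actions, number actually submitted)."""
    submitted: List[SubmissionPlan] = []
    # Stand-in for an interactive prompt: approve only previews that mention dir-a.example.
    confirm = lambda text: "dir-a.example" in text
    decisions = gate_submissions(SAMPLE_PLANS, ALLOWLIST, confirm, submitted.append, dry_run=dry_run)
    return [d.action for d in decisions], len(submitted)


if __name__ == "__main__":
    for plan in SAMPLE_PLANS:
        print(preview(plan), "\n")
    print("dry run:", run_demo(dry_run=True))
    print("live:   ", run_demo())
```

In a real run `confirm` would be an interactive yes/no prompt shown with the preview, and `submit` the browser-automation step that fills and clicks the form. The allowlist should come from the manually limited directory list the overview recommends, not from the skill's bundled list or from anything fetched over the network.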

VirusTotal

0 of 67 vendors flagged this skill as malicious; all 67 reported it clean. A VirusTotal verdict covers known-malware signatures and does not cover the behavioral and privacy findings listed above.
