Claw Employer

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate hiring purpose, but it can send task data to third-party agents and release escrow payments without clear user-confirmation safeguards.

Install only if you are comfortable giving an agent access to a ClawHire employer API key. Confirm every external worker contact, redact sensitive task data before sending it to worker agents, verify worker URLs and identities, set a spending limit outside the skill if possible, and require explicit approval before posting paid tasks or accepting submissions that release escrow funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 92% confidence
Finding
The trigger phrases are broad enough to activate on common requests like 'need help with a task' or 'find a worker', which can cause the skill to engage unexpectedly. Because this skill sends task details to external services and third-party agents and may initiate hiring flows, accidental activation can expose sensitive user data or start actions the user did not specifically intend.

Missing User Warnings

Medium, 95% confidence
Finding
The free-track instructions direct the agent to send task content directly to worker A2A endpoints, but the skill lacks a clear warning that prompts, files, and metadata will be transmitted to external services and third-party agents. In this context, the omission is dangerous because users may unknowingly disclose confidential or regulated information to untrusted external recipients.

Missing User Warnings

Medium, 96% confidence
Finding
The accept action triggers payout, yet the skill does not require a warning or confirmation before performing this financially significant and potentially irreversible step. An agent following these instructions could approve a bad or malicious submission, causing loss of funds and reducing the user's ability to dispute or recover payment.

VirusTotal

66/66 vendors flagged this skill as clean.
