ai-automation-workflows

Security checks across malware telemetry and agentic risk

Overview

This is mostly a coherent SkillBoss automation guide, but one alerting example can leak API keys, prompts, file paths, or raw results to an arbitrary webhook.

Review and edit the examples before installing or using this skill. Do not use the webhook alerting snippet as written; remove the full command and raw output fields or redact secrets first. Use a limited, rotatable SkillBoss API key, avoid sending confidential or regulated files unless SkillBoss and any webhook destination are approved for that data, and add clear stop, rate, and cost limits to cron or looping workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium. Confidence: 96%.
Finding:
The example posts raw execution errors and the full invoked command to an arbitrary external webhook, which can leak sensitive runtime details such as API keys in arguments, file paths, internal endpoints, prompts, and other operational context. Because the destination is unrelated to the declared SkillBoss scope and is user-replaceable, this creates a real exfiltration channel and expands data exposure beyond the advertised service boundary.

Description-Behavior Mismatch

Severity: Medium. Confidence: 93%.
Finding:
The skill is presented as a SkillBoss API workflow, but this section introduces outbound transmission to an unrelated webhook endpoint. That mismatch matters because users may trust the skill to communicate only with SkillBoss while the example normalizes sending execution data elsewhere, undermining least surprise and privacy expectations.

Missing User Warnings

Severity: Medium. Confidence: 87%.
Finding:
The skill repeatedly demonstrates sending user-provided text, generated content, file contents, and operational data to remote HTTP endpoints without an explicit privacy or data-handling warning. In an automation context, this increases the chance that sensitive local or user data is transmitted externally under the guise of ordinary workflow examples.

VirusTotal

66/66 vendors flagged this skill as clean.
