Daily Cost Report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it asks for an unexplained API key and can expose detailed usage reports through predictable temp files and copied email/cron examples.

Review before installing. Remove the OPENAI_API_KEY requirement unless the publisher can explain why it is needed, replace the sample email and Telegram destinations with your own, avoid copying the enabled cron job unchanged, and prefer storing reports in a private directory instead of /tmp.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill documentation makes materially misleading safety and cost claims: it says the skill 'costs nothing' and makes 'No external API calls,' while the metadata requires an OPENAI_API_KEY and the documented workflow includes sending reports externally via email. Misrepresentation of external dependencies and outbound data handling can cause operators to enable or schedule the skill without understanding that secrets and potentially sensitive usage data may be involved.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script writes detailed usage data and a markdown report to predictable paths under /tmp, a world-accessible shared directory on many systems. This can expose agent IDs, session keys, model usage, channels, and cost metadata to other local users, and the use of predictable temporary paths increases the risk of symlink and race-condition issues.

VirusTotal

65/65 vendors flagged this skill as clean.
