CCPA Privacy Checker

Security checks across malware telemetry and agentic risk

Overview

This CCPA assessment skill appears purpose-aligned, but it sends sensitive privacy-program details to a third-party API without enough disclosed data-handling terms.

Review this skill carefully before installing. Use it only if you are comfortable sending your organization’s privacy-program details to api.mkkpro.com, and avoid submitting unnecessary personal data, confidential vendor details, or regulated information unless the publisher provides acceptable privacy, retention, and security terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill asks users to submit extensive business and privacy-program details, including categories of personal information, data sources, consumer counts, and vendor practices, but provides no clear notice about where this data is sent, how it is stored, who can access it, or what redactions users should apply. In a privacy/compliance context this is especially risky because users may assume the tool itself follows strong privacy practices and may overshare sensitive organizational or regulated data.

Missing User Warnings

Medium
Confidence: 91%
Finding
The schema requests detailed business privacy-program information and potentially sensitive categories of personal-data handling without any visible notice, minimization guidance, or confidentiality/security disclosure in the manifest. In an agent setting, users may provide regulated or internal compliance data without understanding what is collected, why it is needed, or how it will be protected, increasing privacy and data-governance risk.

External Transmission

Medium
Category: Data Exfiltration
Content
## References

- **Kong Route:** https://api.mkkpro.com/compliance/ccpa-privacy
- **API Docs:** https://api.mkkpro.com:8040/docs
Confidence: 88%
Finding
https://api.mkkpro.com/

VirusTotal

65/65 vendors flagged this skill as clean.
