ClawHub

Dpdp Compliance Assessment

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ToolWeb API-backed DPDP compliance assessment skill, but users should know their organization’s answers are sent to a third-party service.

Install only if you are comfortable sending DPDP questionnaire answers and organization details to ToolWeb. Do not include secrets, customer records, or unnecessary sensitive details; protect the TOOLWEB_API_KEY; and review ToolWeb’s billing, privacy, retention, and contractual terms before using real company data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to collect detailed organizational privacy/compliance information and transmit it to a third-party API, but it does not require explicit user notice or consent before sending that data off-platform. Even if the transmission is central to the skill’s function, this creates a real data handling risk because sensitive business process details may be disclosed to an external service without clear, informed approval.

External Transmission

Medium
Category
Data Exfiltration
Content
2. **Call the API**:

```bash
curl -s -X POST "https://portal.toolweb.in/apis/compliance/dpdp-compliance" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
Confidence
97% confidence
Finding
curl -s -X POST "https://portal.toolweb.in/apis/compliance/dpdp-compliance" \ -H "Content-Type: application/json" \ -H "X-API-Key: $TOOLWEB_API_KEY" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal