ClawHub

Kubernetes Network Policy Generator

Security checks across malware telemetry and agentic risk

Overview

This package looks like a privacy-vendor scorecard skill, but its registry identity says Kubernetes Network Policy Generator and it sends submitted business evaluation details to ToolWeb.

Install only if you intended to use the ToolWeb privacy-solution-scorecard, not a Kubernetes network policy tool. Use a dedicated ToolWeb API key if possible, review ToolWeb privacy/retention terms, and avoid submitting confidential procurement, vendor, budget, or compliance details unless your organization approves sharing them with ToolWeb.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to send organization context, evaluator identity, budget, industry, regulatory priorities, and vendor assessment data to a third-party API, but it does not clearly warn the user that this information will leave the local environment. This creates a privacy and governance risk because potentially sensitive procurement and business-context data may be disclosed externally without informed consent or minimization.

External Transmission

Medium
Category
Data Exfiltration
Content
2. **Call the API**:

```bash
curl -s -X POST "https://portal.toolweb.in/apis/compliance/privacy-scorecard" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
Confidence
95% confidence
Finding
curl -s -X POST "https://portal.toolweb.in/apis/compliance/privacy-scorecard" \ -H "Content-Type: application/json" \ -H "X-API-Key: $TOOLWEB_API_KEY" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal