ClawHub
Back to skill

Security audit

Suspicious File Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward remote file-scanning integration, but users should understand that files are uploaded to an external service.

Install only if you are comfortable sending chosen files to api.mkkpro.com for analysis. Do not upload secrets, personal data, proprietary documents, or regulated material unless you have approved that third-party handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to upload arbitrary files to a third-party endpoint but does not clearly warn that file contents are transmitted off-platform to an external service. This creates a real privacy and data-governance risk because users may submit sensitive, proprietary, or regulated files under the mistaken assumption that scanning is local or platform-native.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The OpenAPI spec exposes a multipart file-upload endpoint without any visible authentication, authorization, caller restrictions, or other invocation constraints. For a file-scanning service, unrestricted upload capability can enable abuse such as arbitrary file submission, resource exhaustion, storage abuse, and use of the service as a probing or malware-handling relay.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -X POST \
  -F "file=@/path/to/sample.exe" \
  https://api.mkkpro.com/security/suspicious-file-scanner/scan-file
```

**Sample Response:**
Confidence
92% confidence
Finding
https://api.mkkpro.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal