Threat Intel V2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent threat-intelligence lookup skill, but users should avoid submitting private indicators unless external OSINT sharing is approved.

Install only if you are comfortable sending the indicators you ask it to investigate to an external OSINT service. Do not submit confidential incident data, customer information, private emails, internal-only infrastructure, or non-public investigation artifacts unless your organization approves that data sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill metadata and description explain what the tool does but do not define when it should or should not be invoked. In an agent setting, ambiguous activation boundaries can cause the tool to be used on loosely related user input, leading to unnecessary transmission of sensitive indicators or overbroad external lookups.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill states it aggregates data across public and proprietary threat feeds but does not warn users that submitted indicators may be transmitted to third-party services. This creates a privacy and operational-security risk because internal IPs, domains, hashes, emails, or investigation artifacts could be exposed to external providers during enrichment.

Vague Triggers

Low
Confidence: 86%
Finding
The endpoint is exposed as a broad, generic OSINT lookup with no documented scope limits, allowed data sources, input restrictions, or exclusion conditions. In a threat-intelligence skill, this ambiguity can enable overbroad collection, misuse for arbitrary lookups, or unsafe downstream handling of attacker-controlled input because neither the caller nor the implementer is constrained by the API contract.

VirusTotal

65/65 vendors flagged this skill as clean.
