ClawHub

Aerospace Engineer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a coherent career-roadmap API integration, with the main caution that it sends career profile data and tracking identifiers to an external service.

Install only if you are comfortable sending career history, skills, goals, session IDs, and optional user IDs to the provider’s API. Prefer pseudonymous identifiers and avoid including unnecessary sensitive employment or identity details unless the provider’s privacy and retention practices are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The sample request includes persistent identifiers such as sessionId, userId, and timestamps, but the documentation provides no privacy notice, retention guidance, or minimization rationale. This can lead consumers to transmit trackable personal or quasi-personal metadata without understanding how it is stored, correlated, or shared, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API schema explicitly collects assessment data, session identifiers, timestamps, and optional user identifiers, but the specification provides no indication of user-facing notice, consent, or data-handling disclosure. In a career-roadmap skill, this data can reveal personal background, goals, and behavioral/session metadata, creating privacy risk and potential over-collection if users are not clearly informed before transmission.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal