ClawHub

Agriculture Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward external API wrapper for generating agriculture research career roadmaps, with privacy considerations but no evidence of hidden or harmful behavior.

Safe to install as an API documentation skill, but treat the live API as an external service. Avoid submitting sensitive personal, employment, institutional, or identifying details unless you are comfortable with the provider's privacy, retention, logging, and sharing practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill collects user identifiers, session IDs, timestamps, education history, skills, and career goals, which are personal/profile data, but it provides no privacy notice or explanation of storage, retention, sharing, or logging. Users may unknowingly transmit sensitive professional information to an external service without informed consent, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API documents timestamp, session tracking, and audit/analytics-oriented metadata, but omits any warning that such metadata may be logged, correlated, or used for analytics. This reduces transparency around observability data that can be used to profile user behavior across sessions and requests.

Vague Triggers

Low
Confidence
82% confidence
Finding
The API exposes a broadly described endpoint that generates personalized career roadmaps without documenting any narrow trigger conditions, user-scoping rules, or usage constraints. In an agent setting, vague scope can cause over-invocation, unintended handling of personal profile data, or use outside the intended agriculture-research context, increasing the chance of inappropriate or privacy-impacting actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal