Business Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a documented career-roadmap API skill with disclosed personal assessment fields, but users should treat those fields as private data.

Install only if you are comfortable sending career background, skills, goals, session IDs, and optional user IDs to the external service. Prefer pseudonymous or minimal identifiers, avoid unrelated sensitive data, and review the provider's privacy and retention practices before using it with employee or student data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill documents sending detailed user assessment and tracking data, including userId, sessionId, timestamps, work history, industries, and skills, but provides no privacy notice, data minimization guidance, retention limits, or handling constraints. In a career-roadmap context this can expose personally identifiable and profiling data to an external service without adequate warning, increasing privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence: 82%
Finding
The request schema explicitly collects sessionId and optionally userId, but the specification provides no privacy disclosure, purpose limitation, retention guidance, or indication of how these identifiers are protected. In a career-roadmap context, these identifiers can enable tracking, correlation of assessment responses, and linkage to user profiles, increasing privacy and data-handling risk if the API is integrated without informed consent or proper safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.
