ClawHub

CISO Daily Security Pulse

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward third-party CISO assessment API, but users should treat submitted security posture data as sensitive.

Install only if you are comfortable sending aggregate security posture metrics to ToolWeb. Avoid secrets, detailed vulnerability records, incident narratives, or real user identifiers unless your organization has approved the provider, privacy terms, retention terms, and any billing or quota implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill processes and transmits detailed security posture information, including vulnerability counts, compliance gaps, incident metrics, and identifiers, to an external service without any explicit warning about data egress or sensitivity. In a security-focused skill, this omission is especially risky because users may reasonably assume the analysis is local or safe to share, leading to unintended disclosure of sensitive operational security information.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The OpenAPI metadata and operation descriptions are overly generic, which makes it difficult to determine when the skill should be invoked and what data it is intended to process. In agent ecosystems, vague scope definitions can cause overbroad activation, unnecessary exposure of sensitive security posture data, and misuse of the assessment endpoint outside its intended context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal