Compliance Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent compliance-assessment API skill, but users should be careful about the sensitive compliance data they submit to the external service.

Before installing or using this skill, verify the ToolWeb/API provider and only submit compliance data approved for external processing. Redact secrets, credentials, customer data, raw audit evidence, and highly sensitive internal control details unless your organization has reviewed the provider's privacy, retention, and security terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly invites submission of detailed organizational compliance data, including control implementation status, evidence, organization profile, and classification metadata, but provides no warning that this information may be sensitive or should be minimized before transmission. In a compliance context, these fields can reveal security weaknesses, internal controls, and audit posture, which could aid attackers or create confidentiality and regulatory exposure if sent to a third-party service without informed consent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The API accepts potentially sensitive compliance assessment data, organization profile details, session identifiers, timestamps, and optional user identifiers, but the specification provides no privacy notice, consent language, data handling description, or visible security controls. In a compliance-management context, these fields may contain sensitive operational and regulatory information, increasing the risk of inadvertent data disclosure, over-collection, or unsafe transmission to an external service.

VirusTotal

63/63 vendors flagged this skill as clean.
