ClawHub

Entrepreneurship

Security checks across malware telemetry and agentic risk

Overview

This is a coherent entrepreneurship roadmap API wrapper, but it sends personal career assessment data to an external service and should be used with privacy caution.

Install only if you are comfortable sending entrepreneurship assessment details to the provider's API. Prefer omitting userId when possible, use pseudonymous session IDs, do not include secrets or highly sensitive personal information, and confirm the provider's privacy and retention terms before using it with real users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents collection and transmission of detailed assessment data, including career history, skills, goals, session identifiers, timestamps, and optional user IDs, but provides no privacy notice, consent guidance, data minimization guidance, retention limits, or handling requirements. In a career-development context this is sensitive profiling data, and the lack of safeguards increases the risk of unnecessary exposure, regulatory noncompliance, and misuse by integrators.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API schema explicitly accepts sessionId, optional userId, timestamps, and nested assessmentData containing experience, skills, and goals, but the OpenAPI description provides no disclosure about data handling, transmission, retention, or privacy expectations. In a career-roadmap skill, these fields can reveal sensitive profiling and behavioral information, so silently transmitting them to an external service creates a meaningful privacy and trust risk even if there is no evidence of overtly malicious behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal