Investment Banking

Security checks across malware telemetry and agentic risk

Overview

This is a coherent career-roadmap API skill, but users should be careful about sharing identifiable career details with the third-party service.

Before installing, treat this as a third-party career assessment API. Share only the profile details needed for the roadmap, avoid confidential employer or deal information, and look for the publisher's privacy, retention, and deletion practices before using real personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill collects and transmits personal and career-profile data such as employer, experience history, skills, certifications, goals, session identifiers, and optional user IDs, but provides no privacy notice, retention policy, consent language, or handling constraints. This creates a real privacy and compliance risk because users may disclose sensitive professional information to an external service without understanding where it is sent, how it is stored, or who can access it.

Missing User Warnings

Medium
Confidence: 94%
Finding
The API schema explicitly collects identifiers such as sessionId and userId, plus timestamped assessment data, but the specification provides no user-facing notice about collection purpose, retention, sharing, or consent. Even though this is not a direct code execution risk, it creates a privacy and compliance weakness because clients may transmit trackable personal or pseudonymous data without adequate transparency or minimization.

VirusTotal

66/66 vendors flagged this skill as clean.
