ClawHub

Multimedia Gaming

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only career-roadmap API skill that sends expected assessment data to an external service, with privacy disclosure gaps but no executable or hidden behavior.

Install only if you are comfortable sending career assessment details to the listed third-party API. Use pseudonymous session/user IDs when possible, avoid confidential employer or client information, and do not grant wallet, crypto, purchase, or payment authority unless the publisher separately documents a clear need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly describes collecting and transmitting detailed career assessment data, skill inventories, work history, goals, session identifiers, timestamps, and optional user IDs, but provides no privacy notice, minimization guidance, retention limits, or handling constraints. While this is common product behavior, the absence of any data-handling safeguards increases the risk of exposing sensitive profiling data to third-party services or logging systems without informed consent.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The API explicitly collects assessment data, session identifiers, timestamps, and optionally a user identifier, but the specification provides no notice, minimization guidance, or privacy constraints around that collection and transmission. In an agent setting, this can lead to silent forwarding of personal or behavioral data to the service without informed user awareness, increasing privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal