ClawHub

Network Security Audit

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for security assessments, but it sends sensitive audit and infrastructure data without clear privacy, retention, or access-control disclosure.

Install only if you trust the service operator with sensitive infrastructure and security-assessment details. Before use, confirm what data is transmitted, whether authentication is required, how long reports and identifiers are retained, and whether you can omit or pseudonymize user IDs and session details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly processes sensitive security assessment content, operational notes, timestamps, session identifiers, and user attribution data, yet it provides no privacy notice, retention limits, redaction guidance, or handling constraints. In the context of a network security audit platform, these fields can reveal internal weaknesses, asset posture, and accountable personnel, increasing the risk of unauthorized disclosure or improper third-party transmission.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The audit endpoint accepts potentially sensitive network-security assessment details, session identifiers, and optional user identifiers without any disclosure, sensitivity labeling, or visible safeguards in the spec. In an agent setting, this increases the risk that a user or orchestrator sends highly sensitive infrastructure data to the service without informed consent or appropriate handling expectations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal