ClawHub

Network Security Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent assessment-generation API, but users should be careful about submitting real personal or workplace profile details.

Use pseudonyms or non-identifying labels when possible, especially for employees, students, or clients. Confirm the provider's privacy, retention, logging, and data-processing terms before sending real names, organization names, or confidential workplace details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly collects personal and professional profile data such as candidate name, organization, current role, experience level, and career goals, but the documentation provides no privacy notice, data handling constraints, retention policy, or guidance on sensitive-data minimization. Because this is an external assessment-generation API, users may submit real employee or student data, creating avoidable privacy and compliance risk if the data is logged, stored, or shared without clear disclosure.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The request schema collects personal/profile data such as candidate name, organization, role, experience, and career goals, but the spec provides no indication of data minimization, handling limits, retention expectations, or user disclosure. In a skill that generates personalized assessments, this increases privacy risk because callers may submit identifiable information without clear notice, and downstream logging, storage, or sharing practices are undefined.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal