Interactive Widget

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-built for hosted widgets, but it needs review because it can publish permanent browser pages while giving unsafe raw-HTML guidance.

Install only if you trust the duoduo-widget npm package and are comfortable sending widget contents to the external widget service. Do not put secrets, credentials, private customer data, or sensitive personal information into widgets unless that publication is intentional, and sanitize or text-escape untrusted values before inserting them into HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 97% confidence
Finding
The skill explicitly instructs the agent to write raw HTML and says 'no escaping needed' while also documenting `innerHTML`, `append`, and `replace` operations. If any user-controlled or untrusted data is inserted into these fields, the resulting widget can execute script-bearing markup or event handlers in viewers' browsers, creating a stored XSS-style issue in a permanent, shareable artifact.

Missing User Warnings

Medium, 90% confidence
Finding
The top-level description emphasizes permanent URLs and shareability but does not prominently warn that finalized artifacts persist beyond the conversation and may expose sensitive information. In a skill designed to collect inputs, visualize data, and publish browser-accessible pages, omission of this warning can lead to accidental disclosure of personal, confidential, or regulated data.

VirusTotal

65/65 vendors flagged this skill as clean.
