DeepSop工作台 (DeepSop Workbench)

Security checks across malware telemetry and agentic risk

Overview

This sales automation skill is not clearly malicious, but it can automatically send customer/contact reports containing emails, phone numbers, call details, and SMS details to chat channels without a final confirmation step.

Install only if you are comfortable giving this skill a DeepSOP API key and allowing it to submit sales tasks, create/read customer reports, and push detailed contact records to chat channels. Use it in a restricted workspace or channel, avoid shared group chats for sensitive customer data, and prefer aggregate-only reporting unless recipient-level details are truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Ssd 3

Finding 1 (severity: High, confidence: 98%)
The skill's instructions direct the agent to automatically send result files and summaries containing customer, email, call, and SMS data to external chat channels via timed events. That creates an automated data exfiltration path for potentially sensitive business and personal data, and the cron payload is natural-language driven, making misuse or prompt-injection-triggered disclosure more likely.

Ssd 3

Finding 2 (severity: High, confidence: 97%)
The skill explicitly directs the agent to echo back raw phone numbers or email addresses from uploaded spreadsheets, even if limited to the first three entries. This is a direct disclosure of user-supplied sensitive contact data into chat, increasing exposure to unintended recipients, logging systems, and prompt-injection abuse.

Ssd 3

Finding 3 (severity: High, confidence: 98%)
The AiWa results flow requires showing the first five customer records with names, companies, emails, phone numbers, and social profiles directly in the conversation. This is an explicit sensitive-data disclosure pattern that can leak personal and business information beyond the minimum needed to report task completion.

Ssd 3

Finding 4 (severity: High, confidence: 97%)
Displaying call-task details and conversation excerpts exposes contact identities, phone numbers, call metadata, and possibly the content of recorded conversations. This can leak regulated or confidential communications data into chat logs and external messaging systems without clear necessity or consent controls.

Ssd 3

Finding 5 (severity: High, confidence: 97%)
The Frank results flow instructs the agent to reveal detailed email-delivery records including recipient identity, job title, company, and email address. That is a clear disclosure of sensitive customer/contact information into conversational output, which may be retained in logs or forwarded to unintended audiences.

VirusTotal

VirusTotal findings are pending for this skill version.