SkillForge API Service Discovery

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SkillForge connector for finding and invoking paid AI APIs, but use of it should be treated as billable third-party data sharing.

Install only if you intend to use SkillForge or configured paid AI services. Use a dedicated revocable API key, prefer an HTTPS platform URL, keep a low per-call cost limit, and require the agent to show the selected service, destination, data to be sent, and expected price before invoking anything. Do not send secrets, regulated data, or private files unless you trust the selected provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (94% confidence)
The trigger phrases and auto-activation conditions are very broad, including generic concepts like 'need capability' or any task involving images, audio, or video. In a skill that discovers and invokes paid external APIs, this increases the chance of unintended activation, external data disclosure, and unwanted spending without sufficiently specific user intent.

Missing User Warnings

High (97% confidence)
The skill advertises automatic discovery and calling of paid AI services but does not clearly warn that prompts, inputs, or other task data may be sent to external third-party APIs. In this context, the omission is especially risky because the skill is specifically designed to bridge local capability gaps by outsourcing user requests, which can expose sensitive content and create financial consequences.

Missing User Warnings

Medium (94% confidence)
The skill can forward arbitrary user-provided input to an external paid service during invoke without requiring an explicit, user-visible confirmation at the point where money may be spent or data may leave the local environment. In this skill’s context, that is materially risky because it is specifically designed to discover and call third-party paid APIs automatically, so users may incur charges or unintentionally disclose sensitive content.

Vague Triggers

Medium (88% confidence)
The manifest description says the skill will 'automatically discover and call paid AI services' when a capability is missing, but it does not define narrow trigger conditions, approval requirements, or safety boundaries. In a service-discovery skill that can spend money and send requests to external systems, broad auto-invocation language increases the risk of unintended external calls, surprise billing, and data exposure.

Vague Triggers

Medium (94% confidence)
The intent trigger uses very broad keywords such as '服务', 'API', '工具', and '调用', which are common in many unrelated conversations. This can cause the skill to activate unexpectedly and initiate network-based service discovery in contexts where the user did not explicitly request external paid services, increasing the chance of unintended data exposure or unsafe third-party recommendations.

Vague Triggers

Medium (97% confidence)
The automatic capability-missing trigger allows activation whenever the agent believes it lacks a capability, but the file defines no scope limits, user approval step, or trust boundary for what may be searched externally. In this skill's context, that means the agent could automatically escalate from a local task failure into network discovery of paid external AI services, potentially leaking task context or routing users toward unvetted services without clear authorization.

VirusTotal

65/65 vendors flagged this skill as clean.
