clawCat-BRIEF

Security checks across malware telemetry and agentic risk

Overview

This is a report-generation skill that uses public web data and an external LLM as advertised, with privacy considerations users should understand before use.

Install only if you are comfortable with a tool that queries third-party websites/APIs and sends report prompts, profile preferences, and fetched snippets to the configured LLM provider. Use your own API keys, avoid submitting secrets or regulated data unless your provider settings permit it, and clear data/item_memory.json if you want to reset cross-run deduplication history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium, 93% confidence

Finding: The module and function comments state that items without a publication timestamp are discarded, but the implementation only checks date bounds when a timestamp exists and therefore allows undated items through. This creates a freshness-policy bypass: stale, replayed, or otherwise unbounded items can survive filtering and downstream processing despite the documented guarantee.

Missing User Warnings

Medium, 94% confidence

Finding: The skill states it will automatically select data sources, fetch latest information, and generate reports from multiple external services, but it does not clearly warn the user that network requests and potentially user-provided topics may be transmitted to third parties. This creates a meaningful privacy and consent risk, especially if users include sensitive business interests, watchlists, or internal research topics in prompts.

Missing User Warnings

Medium, 90% confidence

Finding: The planner injects the full serialized `UserProfile` into the system prompt sent to an external LLM, which can expose personal or sensitive profile data to a third-party model provider and to downstream logging/retention by that provider. Because this file shows no minimization, consent, masking, or disclosure controls, prompt injection through `user_input` or overbroad prompting can also cause unnecessary use of profile fields beyond what is needed for planning.

Missing User Warnings

Medium, 88% confidence

Finding: This code sends task metadata and candidate item titles, sources, and dates to an external LLM service for ranking. Even though it omits raw text, titles and task parameters can still reveal sensitive topics, internal priorities, or proprietary research context, and there is no indication here of consent, minimization controls beyond basic truncation, or provider-boundary checks.

Missing User Warnings

Medium, 90% confidence

Finding: This code sends item titles, sources, and excerpts of raw text to an external LLM service, which can expose sensitive, proprietary, or personal data if upstream filtering is insufficient. The risk is context-dependent, but in a summarization pipeline this is a real data-handling vulnerability because there is no visible consent, minimization, redaction, or provider-boundary enforcement at the call site.

VirusTotal

66/66 vendors flagged this skill as clean.