Poe Chat

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Poe chat helper that sends user-provided prompts and optional selected files to Poe, with no evidence of hidden collection, persistence, or destructive behavior.

Install this only if you intend to send prompts and any files you pass with --file to Poe and its model providers. Prefer POE_API_KEY over command-line keys, avoid uploading secrets or regulated/private documents, and consider pinning reviewed dependency versions before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Low
Confidence: 77%
Finding
The document says model-list caching is memory-only and non-persistent, but elsewhere states that a local models.json cache file is written. This inconsistency can cause operators to underestimate data persistence on disk, affecting privacy expectations and cleanup practices.

Vague Triggers

Medium
Confidence: 81%
Finding
Using broad triggers like @gpt or '@... etc.' without precise boundaries can cause unintended activation from normal text, pasted logs, or prompt content. In a skill that can upload files and call external APIs, accidental triggering can lead to unplanned data transmission or unexpected model usage.

Vague Triggers

Medium
Confidence: 82%
Finding
Stating that any message containing @xxx is sufficient to trigger behavior is overly permissive and fails to distinguish commands from incidental text. That raises the risk of accidental execution paths and unintended external requests, especially when messages may include copied content or documents.

Missing User Warnings

High
Confidence: 94%
Finding
The skill says local files can be uploaded for analysis but does not clearly warn that file contents will be transmitted to Poe, an external service. This creates a substantial confidentiality risk because users may provide sensitive documents without understanding they are leaving the local environment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs users to export or pass an API key on the command line without warning that this is sensitive secret material. Command-line arguments can leak into shell history, process listings, logs, or shared terminal recordings, exposing the credential to other users or systems.

Missing User Warnings

Medium
Confidence: 85%
Finding
The script sends user message content and uploaded files to the external Poe service without any explicit warning, consent flow, or sensitivity check. In a skill context that advertises file upload support, users may inadvertently transmit secrets, personal data, or proprietary files off-platform, creating a real privacy and data-handling risk.

VirusTotal

62/62 vendors flagged this skill as clean.