Lead Gen Website Builder (SEO PUR)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent website-building skill, but it should be reviewed because its lead form and WhatsApp workflow handle personal lead data without fully enforcing the privacy controls the skill claims to provide.

Install only with review and hardening before production use. Replace the default contact form with a secured backend submission flow, remove console logging of personal data, add a visible privacy notice and consent/lawful-basis handling near the form, disclose UTM/analytics/CRM and WhatsApp recipients, and define retention, deletion, access-control, and anonymization rules for lead records and conversation logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs the agent to read bundled reference files and write multiple project artifacts, but it does not declare corresponding permissions. Hidden or undeclared file access weakens the security model because users and enforcement layers cannot accurately understand or constrain what the skill is allowed to do. In this context the access appears aligned with the stated website-building workflow, so the issue is transparency and governance rather than overtly malicious behavior.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding:
The form collects personal data (name, phone, email, message, and UTM attribution data) but on submission it only writes that data to the browser console and shows a success toast, creating a misleading impression that a compliant lead-handling workflow occurred. In a lead-generation and RGPD-compliance context, this can cause silent loss of user requests, accidental exposure of PII in local logs, and non-compliant processing because consent, notice, retention, and actual secure transmission are absent.

VirusTotal

51/51 vendors flagged this skill as clean.
