ClawHub

Geepers Llm

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward instruction-only skill for sending user-selected LLM requests to a disclosed third-party API.

Install only if you trust dr.eamer.dev and its provider routing. Use a dedicated, revocable API key, and avoid sending secrets, regulated data, confidential business content, private images, or personal information unless you are comfortable with that third-party processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs users to send prompts, images, and text to a third-party API, but the description does not warn that user content and metadata will leave the local environment and be processed by an external service. This creates a real privacy and compliance risk because users may unknowingly transmit sensitive prompts, media, or proprietary data to an intermediary endpoint and potentially onward to multiple model providers.

External Transmission

Medium
Category
Data Exfiltration
Content
### Chat Completion
```
POST https://api.dr.eamer.dev/v1/llm/chat
Headers: X-API-Key: $DREAMER_API_KEY
Body:
{
Confidence
97% confidence
Finding
https://api.dr.eamer.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### Vision (image analysis)
```
POST https://api.dr.eamer.dev/v1/llm/vision
Body: { "model": "claude-sonnet-4-5-20250929", "image_url": "...", "prompt": "Describe this image" }
```
Confidence
98% confidence
Finding
https://api.dr.eamer.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### Image Generation
```
POST https://api.dr.eamer.dev/v1/llm/image
Body: { "prompt": "A sunset over the ocean", "provider": "openai" }
```
Confidence
90% confidence
Finding
https://api.dr.eamer.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### Text-to-Speech
```
POST https://api.dr.eamer.dev/v1/llm/tts
Body: { "text": "Hello world", "voice": "alloy" }
```
Confidence
95% confidence
Finding
https://api.dr.eamer.dev/

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal