Grok Api

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Grok API helper that sends user-requested prompts and media requests to a disclosed LeonAI proxy using a user-provided API key.

Install only if you trust the LeonAI proxy and any endpoint you configure in GROK_BASE_URL with your prompts, media requests, and GROK_API_KEY. Use a dedicated revocable key, monitor quota or billing, and avoid sending secrets, personal data, or regulated information through this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'req' from os.environ.get (line 23, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
def _post(path, body):
    data = json.dumps(body).encode()
    req = urllib.request.Request(f"{BASE_URL}{path}", data=data, headers=HEADERS)
    with urllib.request.urlopen(req, timeout=300) as resp:
        return json.loads(resp.read())

def _get(path):
Confidence: 89%
Finding (flagged line):
with urllib.request.urlopen(req, timeout=300) as resp:

Tainted flow: 'req' from os.environ.get (line 23, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
def _get(path):
    req = urllib.request.Request(f"{BASE_URL}{path}", headers=HEADERS)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())

def chat(prompt, model="grok-4.1-mini", system=None, reasoning=None, temperature=0.8):
Confidence: 88%
Finding (flagged line):
with urllib.request.urlopen(req, timeout=30) as resp:

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrases are broad enough to overlap with normal user speech, which can cause the skill to activate unintentionally. In a skill that sends requests to an external proxy-backed API, accidental activation can expose user prompts or incur unwanted usage and cost.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill routes user content through a third-party proxy endpoint and requires an API key, but the documentation does not clearly warn that prompts and possibly sensitive data will be transmitted off-platform. This can mislead users and operators about privacy expectations, especially because the service is explicitly not a direct xAI connection.

Missing User Warnings

Severity: Low
Confidence: 85%
Finding:
The documentation advertises `enable_nsfw: true` without a corresponding warning about policy, legal, workplace-safety, or consent risks. This increases the chance of unsafe or non-compliant deployment, particularly in shared or multi-user environments.

VirusTotal

66/66 vendors flagged this skill as clean.
