Content Clipper

Security checks across malware telemetry and agentic risk

Overview

This clipping skill is purpose-related but needs review because it can send clipped content to a built-in Flomo webhook by default.

Install only if you understand that clipped page text and source URLs may be sent to the listed Flomo webhook unless you set your own FLOMO_WEBHOOK. Prefer local markdown mode or edit the skill to require an explicit user-owned webhook and remove the shell-based curl path before clipping sensitive or private content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The script invokes an external shell command (`curl.exe`) to transmit data even though equivalent native HTTP functionality already exists in the file. Shelling out increases attack surface, creates platform-specific behavior, and can become dangerous if command construction or environment assumptions change; here the risk is amplified because it sends user-clipped content and a webhook URL to an external process unnecessarily.

Vague Triggers

Medium (84% confidence)
Finding
The trigger guidance is broad enough to match ordinary note-taking or summarization requests, which can cause the agent to invoke this skill in situations where the user did not explicitly consent to clipping or forwarding content. In this skill's context, that matters because the documented outputs include sending content to an external Flomo webhook and writing local files, so over-broad activation increases the chance of unintended data handling.

Missing User Warnings

Medium (95% confidence)
Finding
The skill documentation describes sending extracted content to an external webhook and writing to arbitrary local markdown paths, but it does not clearly warn users about these side effects or the destination of their data. This creates a real risk of exfiltration of sensitive content to a third-party endpoint and unintended local file modification, especially because a concrete default webhook URL is embedded in the skill.

Missing User Warnings

Medium (97% confidence)
Finding
The script contains a hard-coded default Flomo webhook, causing clipped content to be posted to a remote endpoint even if the operator does not provide their own webhook. In a content-clipping utility, this is especially dangerous because users may process sensitive pages, notes, or internal URLs, resulting in silent exfiltration of potentially confidential data to a third party.

VirusTotal

VirusTotal findings are pending for this skill version.
