TestTau

Security checks across malware telemetry and agentic risk

Overview

TestTau is a coherent testing helper, but users should avoid sending sensitive data to public inboxes or webhooks and should confirm before replaying or deleting captures.

Install this only if you intend to use TestTau for testing. Use private inboxes/hooks and bearer tokens for sensitive test data, never put tokens in URLs, do not send production secrets or PII to public captures, and require explicit confirmation before replaying requests or wiping inboxes/hooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The default prompt is broad enough to invoke the skill for generic testing-related requests without requiring explicit user intent, which can cause the agent to create disposable inboxes or webhooks unexpectedly. Because the skill exposes external capture infrastructure and inspect URLs, overbroad triggering increases the chance of unintended data routing, privacy issues, or misuse during normal conversations.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The Hooks reference documents both replay and destructive deletion endpoints without any warning about target validation, authorization scope, or destructive effects. In an agent-facing skill, omission of those guardrails increases the chance an LLM will replay captured requests to arbitrary URLs or wipe hook data without user intent, which can cause SSRF-like outbound requests, accidental data exfiltration, or loss of test evidence.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `GET /message/<messageId>/json` - parsed message JSON.
- `GET /message/<messageId>/raw` - raw `.eml`.
- `DELETE /message/<messageId>` - delete one message.
- `DELETE /all` - wipe inbox.

## Hooks
Confidence
84% confidence
Finding
`DELETE /all`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `PUT /config` - set response behavior or JSON Schema.
- `POST /replay/<requestId>?target=<url>` - replay capture.
- `GET /assert?since=<epochMs>&min_count=1` - CI assertion gate.
- `DELETE /request/<requestId>` - delete one capture.
- `DELETE /all` - wipe hook.
Confidence
89% confidence
Finding
`DELETE /request/<requestId>`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `POST /replay/<requestId>?target=<url>` - replay capture.
- `GET /assert?since=<epochMs>&min_count=1` - CI assertion gate.
- `DELETE /request/<requestId>` - delete one capture.
- `DELETE /all` - wipe hook.
Confidence
93% confidence
Finding
`DELETE /all`
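The guidance in the overview (bearer token in a header, never in a URL; explicit confirmation before replaying or wiping) and the replay/delete endpoints quoted in the findings above can be enforced in a thin client wrapper. The following is an added example written for this page, not TestTau's own client or API: the endpoint paths are the ones listed in the findings, while the base URL `https://hooks.example.test/h/abc123`, the hostnames, the fake DNS table and the names `GuardedTestTau` and `check_replay_target` are assumptions for illustration. The replay guard goes beyond the page's text by also resolving an allowlisted hostname and refusing non-public addresses, so a name that points at a cloud metadata address is rejected even if it is on the allowlist.

```python
"""Guarded wrapper for the TestTau inbox/hook endpoints quoted above.

Added example for this page, not TestTau's own client. Assumed: base_url
names one inbox or hook (layout hypothetical); endpoint paths are the ones
listed in the findings; hostnames and the fake DNS table are made up.
"""
import ipaddress
import socket
import urllib.request
from urllib.parse import quote, urlencode, urlsplit


class GuardError(Exception):
    """Raised when a call would violate one of the guardrails."""


def _ip_is_public(ip_text):
    """True only for addresses that are not loopback/private/link-local/etc."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_replay_target(target, allowed_hosts, resolver=socket.gethostbyname):
    """Validate a replay target URL before it is handed to POST /replay.

    Rejects non-https schemes, credentials embedded in the URL, hosts outside
    the allowlist, and allowlisted names that resolve to non-public addresses
    (loopback, RFC 1918, link-local such as 169.254.169.254). Returns target.
    """
    parts = urlsplit(target)
    if parts.scheme != "https":
        raise GuardError(f"replay target must use https: {target}")
    if parts.username or parts.password:
        raise GuardError("credentials embedded in replay target URL")
    host = parts.hostname
    if host is None or host not in allowed_hosts:
        raise GuardError(f"replay target host not on allowlist: {host}")
    addr = resolver(host)  # resolver is injectable so the check runs offline
    if not _ip_is_public(addr):
        raise GuardError(f"{host} resolves to non-public address {addr}")
    return target


class GuardedTestTau:
    """Builds requests for one TestTau inbox or hook rooted at base_url.

    Methods return {"method", "url", "headers"} instead of sending, so the
    guardrails can be tested offline; pass the dict to send() to run it.
    The bearer token is only ever placed in the Authorization header.
    """

    def __init__(self, base_url, token, allowed_replay_hosts,
                 resolver=socket.gethostbyname):
        self.base_url = base_url.rstrip("/")
        self._token = token
        self.allowed_replay_hosts = {h.lower() for h in allowed_replay_hosts}
        self._resolver = resolver

    def _build(self, method, path, params=None):
        url = self.base_url + path
        if params:
            url += "?" + urlencode(params)
        if self._token in url:  # belt and braces: tokens never travel in URLs
            raise GuardError("token must not appear in the URL")
        return {"method": method, "url": url,
                "headers": {"Authorization": "Bearer " + self._token}}

    # Read-only calls need no guard beyond the header-borne token.
    # safe='' also encodes '/', so an id cannot steer the path to another endpoint.
    def message_json(self, message_id):
        return self._build("GET", f"/message/{quote(message_id, safe='')}/json")

    def assert_gate(self, since_ms, min_count=1):
        return self._build("GET", "/assert",
                           {"since": int(since_ms), "min_count": int(min_count)})

    # Replay sends a captured request to an arbitrary URL: validate the target.
    def replay(self, request_id, target):
        check_replay_target(target, self.allowed_replay_hosts, self._resolver)
        return self._build("POST", f"/replay/{quote(request_id, safe='')}",
                           {"target": target})

    # Destructive calls require an explicit confirm=True from the caller.
    def delete_request(self, request_id, confirm=False):
        if not confirm:
            raise GuardError("delete_request needs confirm=True")
        return self._build("DELETE", f"/request/{quote(request_id, safe='')}")

    def wipe(self, confirm=False):
        if not confirm:
            raise GuardError("wipe needs confirm=True: DELETE /all removes every capture")
        return self._build("DELETE", "/all")


def send(req, timeout=10):
    """Send a request built above using only the standard library."""
    r = urllib.request.Request(req["url"], method=req["method"], headers=req["headers"])
    with urllib.request.urlopen(r, timeout=timeout) as resp:
        return resp.status, resp.read()


# Constructed demo data: a fake DNS table standing in for real resolution.
DEMO_DNS = {
    "ci.example.test": "52.95.110.1",            # arbitrary public address
    "metadata.example.test": "169.254.169.254",  # cloud metadata (link-local)
}


def demo():
    client = GuardedTestTau("https://hooks.example.test/h/abc123", "s3cr3t-token",
                            {"ci.example.test", "metadata.example.test"},
                            resolver=DEMO_DNS.__getitem__)
    allowed = client.replay("req-1", "https://ci.example.test/callback")
    rejected = []
    for bad in ("https://metadata.example.test/latest/meta-data/",
                "http://ci.example.test/callback",
                "https://other.example.test/callback"):
        try:
            client.replay("req-1", bad)
        except GuardError as exc:
            rejected.append(str(exc))
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = demo()
    print(ok["method"], ok["url"])
    for reason in bad:
        print("rejected:", reason)
```

An agent-facing skill would wrap the destructive methods so that `confirm=True` is only set after the user has said yes in the conversation, and the replay allowlist would be a fixed configuration value rather than something the model can pass in.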

VirusTotal

65/65 vendors flagged this skill as clean.
