Ask a Human

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can send user, business, or security context to unknown outside humans without adequate privacy limits.

Install only if you are comfortable with submitted prompts leaving your environment and potentially being read by unknown human reviewers. Do not use it for credentials, personal data, customer or client details, private source code, vulnerability reports, internal strategy, unreleased business material, or confidential context unless you have explicit approval and have redacted the prompt first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly promotes sending agent-provided questions to random anonymous humans, but it does not warn that prompts may contain sensitive user data, proprietary context, credentials, or other confidential information. In a skill whose core function is external disclosure to strangers, omitting privacy and data-handling constraints materially increases the risk of unintended data exfiltration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs agents to include full question context when sending prompts to a third-party service staffed by random humans, but it does not warn against including sensitive, personal, proprietary, or user-provided data. That creates a real privacy and data-handling risk because agents may forward confidential context to unaffiliated external recipients without user awareness or consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example explicitly sends user/project context to a third-party 'random humans' service without any consent, privacy warning, redaction guidance, or data-classification limits. Because the skill is designed to solicit human judgment, the risk is amplified: agents may disclose client, product, code-review, or security-related details to external reviewers who are outside the trust boundary.

Ssd 3

Medium
Confidence
97% confidence
Finding
The guidance repeatedly encourages writing self-contained questions with all necessary context for random strangers, which predictably increases the chance that user content, internal data, or sensitive operational details will be disclosed. Because the recipients are an uncontrolled third-party crowd, oversharing can lead to irreversible exposure of private or regulated information.

External Transmission

Medium
Category
Data Exfiltration
Content
### Submit a Question

```bash
curl -X POST https://api.ask-a-human.com/agent/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
86% confidence
Finding
curl -X POST https://api.ask-a-human.com/agent/questions \ -H "Content-Type: application/json" \ -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Submit a Question

```bash
curl -X POST https://api.ask-a-human.com/agent/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
86% confidence
Finding
https://api.ask-a-human.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Agent (action):**
```bash
curl -X POST https://api.ask-a-human.com/api/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
94% confidence
Finding
curl -X POST https://api.ask-a-human.com/api/questions \ -H "Content-Type: application/json" \ -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \ -d '{ "prompt": "We need to email a client about a 2-w

External Transmission

Medium
Category
Data Exfiltration
Content
**Agent (action):**
```bash
curl -X POST https://api.ask-a-human.com/api/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
94% confidence
Finding
https://api.ask-a-human.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Agent (action):**
```bash
curl -X POST https://api.ask-a-human.com/api/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
93% confidence
Finding
https://api.ask-a-human.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Agent (action):**
```bash
curl -X POST https://api.ask-a-human.com/api/questions \
  -H "Content-Type: application/json" \
  -H "X-Agent-ID: $ASK_A_HUMAN_AGENT_ID" \
  -d '{
```
Confidence
98% confidence
Finding
https://api.ask-a-human.com/

VirusTotal

63/63 vendors flagged this skill as clean.
