ClawHub

Agenthub

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid API gateway, but it needs review because it can spend from a wallet and trigger email or remote code execution without clear per-action approval controls.

Install only if you are comfortable giving this skill a dedicated low-balance Base wallet for paid API calls. Confirm every paid request yourself, and require separate confirmation before using email_send or code_exec. Do not send secrets, private code, or sensitive personal data through the remote execution, scraping, or email APIs unless you have reviewed the risks and trust the external SDK and gateway.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes an `email_send` capability but provides no guidance to require explicit user confirmation, display the final recipient/content, or warn about misuse. In an agent setting, this can enable unauthorized outbound emails, spam, phishing, or data exfiltration if the model is prompted or manipulated into sending messages on the user's behalf.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises a remote `code_exec` feature that can run Python, JavaScript, R, or Bash, but it does not warn against executing untrusted or model-generated code. This is dangerous because agents may be induced to submit malicious code to the remote execution service, potentially causing data exfiltration, abuse of connected resources, or harmful actions performed under the user's authority and paid wallet.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal