Pub Clawddocs

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly an API reference, but it gives an agent broad external-service powers including email and SMS without enough user-control guidance.

Install only if you intend to let the agent use a broad SkillBoss API key. Treat prompts, documents, audio, images, URLs, phone numbers, and email content as data sent to external services. Require explicit confirmation before any email, SMS, OTP, or batch messaging action, and prefer a restricted or dedicated API key where available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is presented as a documentation expert, but the content exposes a broad general-purpose API with capabilities including email, SMS, media generation, search, and document processing. This scope mismatch can mislead users and downstream agents into invoking sensitive outbound actions they would not reasonably expect from a docs-only skill.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Outbound email sending is unrelated to the stated documentation purpose and enables real-world external actions from within a mislabeled skill. If invoked by an agent or user expecting passive documentation help, it could be abused for spam, phishing, data exfiltration, or unauthorized notifications.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
SMS verification and OTP workflows are powerful external-action capabilities that do not fit a documentation expert role. They can trigger real-world messages, facilitate account-flow abuse, or be used to probe or spam phone numbers if exposed through a broadly scoped skill.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The inclusion of image, video, music, TTS/STT, and background removal substantially broadens the skill beyond its documented purpose. While not inherently malicious, unnecessary capability expansion increases attack surface and raises the chance that user prompts, media, or files are sent externally without informed intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents outbound email and SMS actions without warning that they cause external transmission and real-world effects. Users and agent orchestrators may treat the skill as informational, when in fact it can contact third parties and send messages on their behalf.

Missing User Warnings

Medium
Confidence: 92%
Finding
Document parsing, web search, and media-related examples send user-provided URLs, queries, or content to external providers without a privacy notice. This creates risk of inadvertent disclosure of confidential documents, prompts, media, or browsing intent.

VirusTotal

62/62 vendors flagged this skill as clean.
