ClawHub

Cleaning Maintenance

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate TIDY integration, but it needs Review because it can trigger real-world bookings, cancellations, repairs, and handle sensitive property and credential data without strong guardrails.

Install only if you are comfortable letting an agent interact with TIDY for real property services. Use a dedicated account or token where possible, avoid sharing lockbox codes, alarm codes, key locations, or unnecessary personal data, and require manual confirmation before bookings, cancellations, concierge assignment, repairs, or third-party outreach.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The skill encourages free-form natural-language requests to an external service without defining clear activation boundaries or requiring confirmation before state-changing actions. In this context, an agent could over-trigger booking, cancellation, or maintenance workflows from ambiguous user text, causing unintended external actions.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The common-scenarios section provides broad example prompts such as booking, cancellation, pricing, and maintenance requests that are easy for an agent to match opportunistically. Because these examples map directly to real external operations, loose matching increases the chance of accidental invocation and unintended service actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples send sensitive property information such as street address, access instructions, parking details, and scheduling data to a third-party API, but the skill does not prominently warn users about this disclosure. In a property-management context, these details materially increase security and privacy risk because they expose location and entry information outside the local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to upload service professional contact details, including names, email addresses, and phone numbers, to an external platform without warning about third-party disclosure or consent considerations. This creates privacy and compliance risk, particularly if the contact data belongs to third parties who have not agreed to have their information shared.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly states that tokens do not expire and that prior tokens remain valid, while also recommending storage in an environment variable or local credentials file without a strong warning about the risk of long-lived credential persistence. If a host, shell history, process environment, backups, or the local config file is exposed, an attacker can reuse the token indefinitely because there is no natural expiration or invalidation on re-login.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document includes live REST examples that create and modify maintenance tasks using a bearer token, but it does not warn that these calls affect real account state. In a skill intended for operational booking and maintenance management, users may copy-paste examples directly, causing unintended task creation, status changes, or concierge assignment in production accounts.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The examples show storing third-party professional contact details such as name, email, and phone number without any note about consent, lawful basis, or privacy handling. Because this skill is specifically for managing service professionals, readers are encouraged to submit real personal data, which increases the chance of unauthorized collection or disclosure of third-party PII.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference explicitly instructs clients to submit raw email/password credentials via the MCP tool and shows that the service returns an API token, but it provides no guidance on secure handling, storage, redaction, or least-privilege use of those secrets. In an agent/MCP context, this is dangerous because model clients, logs, transcripts, debugging output, and tool histories may inadvertently capture credentials or tokens, increasing the risk of account compromise.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal