Design Mirror

Security checks across malware telemetry and agentic risk

Overview

This design helper is not clearly malicious, but it needs review: its shell scripts send arbitrary target URLs and page captures through Bright Data, and they disable TLS verification (curl -k) on requests that carry an API key.

Install only if you intend to use Bright Data for public website design analysis. Do not use it on internal dashboards, authenticated pages, customer data, private URLs, or URLs containing tokens. The publisher should remove curl -k, add an explicit confirmation step before external requests, and document the third-party data flow and target restrictions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to execute shell commands (`bash scripts/screenshot.sh` and `bash scripts/scrape_html.sh`) but does not declare corresponding permissions or clearly scope that capability. Undeclared execution capability is risky because users and orchestrators may not realize the skill can run local code and trigger outbound network activity through helper scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose focuses on design mirroring, but the actual behavior includes scraping arbitrary URLs, capturing screenshots, and sending requests to Bright Data Web Unlocker. This mismatch can mislead users about data collection and third-party transmission, increasing the chance of unauthorized scraping, privacy issues, or policy violations.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script sends arbitrary user-supplied URLs to Bright Data's external unlocking/screenshot service and requires privileged third-party API credentials to do so. For a design-mirroring skill, this introduces unnecessary external data handling and proxy/unlocker capability that expands privacy, legal, and abuse risk beyond simple local screenshot capture.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough that the skill could activate whenever a user casually references making an app look like another site, even if they did not intend to authorize scraping or third-party data transfer. Unintended invocation is dangerous here because activation leads to capture and analysis of arbitrary external websites using external tooling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description and setup mention Bright Data credentials, but they do not clearly warn that target URLs and retrieved page data will be sent to a third-party scraping service. Lack of transparent disclosure undermines informed consent and can expose sensitive browsing targets, internal URLs, or regulated data to an external processor.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script transmits the user-provided URL to a third-party API without any warning, consent prompt, or indication that browsing targets will be disclosed to Bright Data. This can leak sensitive internal, private, or user-specific URLs and may violate user expectations or organizational data-handling rules.

External Transmission

Medium
Category
Data Exfiltration
Content
echo "Capturing screenshot of: $URL" >&2

curl -k -s -X POST 'https://api.brightdata.com/request' \
    -H "Authorization: Bearer $BRIGHTDATA_API_KEY" \
    -H 'Content-Type: application/json' \
    -d "{\"zone\":\"$BRIGHTDATA_UNLOCKER_ZONE\",\"url\":\"$URL\",\"format\":\"raw\",\"data_format\":\"screenshot\"}" \
Confidence
91% confidence
Finding
curl -k -s -X POST 'https://api.brightdata.com/request' \ -H "Authorization: Bearer $BRIGHTDATA_API_KEY" \ -H 'Content-Type: application/json' \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
echo "Capturing screenshot of: $URL" >&2

curl -k -s -X POST 'https://api.brightdata.com/request' \
    -H "Authorization: Bearer $BRIGHTDATA_API_KEY" \
    -H 'Content-Type: application/json' \
    -d "{\"zone\":\"$BRIGHTDATA_UNLOCKER_ZONE\",\"url\":\"$URL\",\"format\":\"raw\",\"data_format\":\"screenshot\"}" \
Confidence
91% confidence
Finding
https://api.brightdata.com/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
echo "Capturing screenshot of: $URL" >&2

curl -k -s -X POST 'https://api.brightdata.com/request' \
    -H "Authorization: Bearer $BRIGHTDATA_API_KEY" \
    -H 'Content-Type: application/json' \
    -d "{\"zone\":\"$BRIGHTDATA_UNLOCKER_ZONE\",\"url\":\"$URL\",\"format\":\"raw\",\"data_format\":\"screenshot\"}" \
Confidence
98% confidence
Finding
curl -k

VirusTotal

64/64 vendors flagged this skill as clean.
