Unbox

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an external-service integration, but its Unbox framing conflicts with unrelated documentation, and it grants broad, authenticated power to change data through the API without clear safety boundaries.

Review this carefully before installing. Confirm it is actually for the Unbox service you intend to use, and only allow authenticated requests after you understand which account, records, and endpoints it can modify or delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The skill is named and framed as an Unbox integration, but the documentation describes a different product domain and links to unrelated Apple ARKit docs. This mismatch can mislead an agent or user about the target system, increasing the chance of sending requests to the wrong service, misinterpreting data, or taking unsafe actions under false assumptions.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The activation condition says to use the skill whenever the user wants to interact with Unbox data, which is broad and underspecified. Overly broad routing can cause the skill to activate in ambiguous contexts and perform actions against an external system without sufficient confirmation of scope, intent, or sensitivity.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill explicitly documents direct proxy API requests and supports destructive HTTP methods like POST, PUT, PATCH, and DELETE without warning about operational or data impact. In an agent setting, this lowers the barrier to accidental or unsafe modifications to production records because the skill presents raw request capability without guardrails or confirmation requirements.

VirusTotal

64 of 64 vendors reported this skill as clean.
