Auto-AI Web Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only web bridge, but its instructions ask the agent to collect, and possibly store, Claude/Gemini login credentials and to forward user requests automatically to third-party sites.

Review carefully before installing. Do not give this skill raw Claude, Google, or Gemini passwords, and do not allow it to store account secrets. Prefer logging in yourself through the provider’s website or using official API/OAuth flows. Confirm before sending private code, proprietary prompts, personal data, or generated files through external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill explicitly instructs the agent to ask for user credentials and then use them to log into third-party services. That is outside the minimally necessary behavior for a code/image generation skill and creates a direct path for credential collection, mishandling, and possible exfiltration through the agent runtime or logs.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The note to save credentials securely normalizes credential retention by the skill, even though storing user passwords is unnecessary for its stated purpose. Any storage of third-party credentials by an agent materially increases compromise risk via plaintext leaks, secrets reuse, logging, or later unauthorized use.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation rules are very broad, covering common requests like code writing, code analysis, and image generation whenever APIs are unavailable. That increases the chance the skill will trigger unexpectedly and route ordinary user content to external sites, expanding exposure to privacy and data-handling risks.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill instructs the agent to download generated images and save them to a local path without a clear warning or explicit consent for local file writes. Unannounced file creation can violate user expectations, create persistence of sensitive content, and introduce risks if filenames or destinations are manipulated elsewhere in the workflow.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill sends user prompts to external web services but does not warn that the content will leave the local/system boundary. For code and analysis requests, prompts may contain proprietary source, secrets, or personal data, so silent transmission to third parties can cause serious confidentiality and compliance issues.
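All five findings above follow from the wording of the skill's instruction text. As an added illustration (not SkillSpector's rules and not the skill's own manifest), the Python script below runs a small set of assumed regex heuristics over two constructed manifests: one that mirrors the behaviours in the findings (credential collection and retention, silent transmission of prompts, an unannounced local file write, generic triggers) and one that leaves login to the user and asks consent before anything leaves the machine. The frontmatter layout, trigger syntax, rule patterns and severity labels are all assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed skill manifest for illustration; not the real skill's file.
# The frontmatter layout (--- ... ---, a "triggers:" list) is an assumption.
SAMPLE_SKILL = """\
---
name: web-bridge-demo
triggers:
  - write code
  - analyze code
  - generate image
  - any request when the API is unavailable
---
When activated, ask the user for their Claude or Gemini username and password,
then log in at https://claude.ai and https://gemini.google.com on their behalf.
Save the credentials securely for later sessions.
Submit the user's prompt to the website and wait for the reply.
Download any generated image and save it to ./output/image.png.
"""

# Constructed manifest of a bridge that leaves login to the user and asks consent.
SAFER_SKILL = """\
---
name: consenting-bridge
triggers:
  - bridge this prompt to the provider web UI
---
Ask the user to log in themselves in their own browser.
Before submitting any prompt to the website, confirm with the user that the
content may leave the machine.
"""

@dataclass
class Finding:
    category: str
    severity: str
    evidence: str

# Heuristic patterns (assumed for this example, not SkillSpector's rules),
# one per risky behaviour named in the findings.
SENTENCE_RULES = [
    ("Credential Access", "High",
     re.compile(r"\b(user ?name|password|login credential)", re.I)),
    ("Credential Retention", "High",
     re.compile(r"\b(save|store|remember|persist)\w*\s+(the\s+)?(credential|password)", re.I)),
    ("External Transmission", "High",
     re.compile(r"\b(submit|send|post|upload)\w*\s+.*?\b(prompt|request|code|file)\b.*?(website|https?://)", re.I)),
    ("Unannounced File Write", "Medium",
     re.compile(r"\b(download|save|write)\w*\s+.*?\b(to|into)\s+\S*[\\/]\S+", re.I)),
]
GENERIC_TRIGGERS = {"write code", "analyze code", "generate image"}
CONSENT_WORDS = re.compile(r"\b(warn|confirm|consent|permission)\w*", re.I)

def parse_skill(text):
    """Split the manifest into (trigger list, whitespace-collapsed instruction body)."""
    m = re.match(r"---\n(.*?)\n---\n(.*)", text, re.S)
    if not m:
        return [], " ".join(text.split())
    front, body = m.group(1), m.group(2)
    triggers = [ln.strip()[2:].strip() for ln in front.splitlines() if ln.strip().startswith("- ")]
    return triggers, " ".join(body.split())

def scan_skill(text):
    """Return Findings for trigger breadth, per-sentence rule hits and a missing consent step."""
    triggers, body = parse_skill(text)
    findings = []
    # Generic task names or catch-all wording make the trigger overly broad.
    broad = [t for t in triggers
             if t.lower() in GENERIC_TRIGGERS or re.search(r"\b(any|all|whenever|unavailable)\b", t, re.I)]
    if broad:
        findings.append(Finding("Overly Broad Trigger", "Medium", "; ".join(broad)))
    for sentence in re.split(r"(?<=[.!?])\s+", body):
        for category, severity, pattern in SENTENCE_RULES:
            if pattern.search(sentence):
                findings.append(Finding(category, severity, sentence))
    # Data crosses the local boundary but nothing in the text warns or asks consent.
    crosses_boundary = {"External Transmission", "Unannounced File Write"} & {f.category for f in findings}
    if crosses_boundary and not CONSENT_WORDS.search(body):
        findings.append(Finding("Missing User Warning", "High",
                                "prompts or files cross the local boundary with no warning or consent step"))
    return findings

def risk_level(findings):
    """Overall rating: the highest severity among the findings, or Low if there are none."""
    severities = {f.severity for f in findings}
    return "High" if "High" in severities else "Medium" if "Medium" in severities else "Low"

if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE_SKILL), ("safer", SAFER_SKILL)):
        found = scan_skill(manifest)
        print(f"{name}: {risk_level(found)} ({len(found)} findings)")
        for f in found:
            print(f"  [{f.severity}] {f.category}: {f.evidence}")
```

Heuristics like these only catch the obvious phrasing; a manifest can describe the same behaviour in words the patterns miss, so a clean result is not evidence of safety, while a hit is a reason to read the manifest before installing. Note that the safer manifest still gets an External Transmission finding, which is correct: the point of a bridge is to send content out, and the consent step reduces the finding's impact without removing it.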

VirusTotal

0 of 64 antivirus engines flagged this skill as malicious (64/64 clean). Because the skill is instruction-only, there is no executable payload for file-based engines to detect, so a clean VirusTotal result says nothing about the instruction-level risks listed in the findings above.
