Filed — US Business Entity Search

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Filed.dev business lookup client, but its shell helper interpolates search terms into a python3 -c command, so a crafted search term can execute local code. Review it before use.

Do not install this version unless you trust every lookup term or the script is fixed. The URL-encoding step should pass values as arguments, or use a safer mechanism such as curl --data-urlencode, rather than interpolating search text into a python3 -c command string. Use a dedicated Filed.dev API key, and assume that every company, officer, agent, filing, and entity lookup is sent to Filed.dev.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill declares runtime requirements for `curl` and an API key, which implies outbound network access and shell execution, but it does not expose any explicit permissions model or user-consent boundary for those capabilities. In an agent environment, undeclared network/shell capability can lead to unexpected data exfiltration, unintended external requests, or execution paths that are broader than users and reviewers realize.

Vague Triggers

Medium
Confidence: 82%
Finding: The trigger text includes broad phrases like business lookup, company search, due diligence, and 'is this company real,' which can match many ordinary requests and cause the skill to activate in contexts the user did not specifically intend. Overbroad invocation increases the chance of unsolicited external API calls, disclosure of user-provided business names or people names to a third party, and confusing tool-selection behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding: The script sends user-supplied business names, officer names, agent names, filing numbers, and entity IDs to a third-party API over the network without any explicit disclosure or confirmation at runtime. While HTTPS protects the transport, the privacy risk remains because potentially sensitive investigative or due-diligence queries are transmitted off-box to an external service, which may be unexpected to the user or downstream agent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal