ip-lookup

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward IP and hostname lookup skill whose external lookups are expected for its purpose, though users should avoid querying sensitive internal targets unless approved.

Install only if you are comfortable sending queried IPs or hostnames to public lookup providers. Do not use it for confidential internal infrastructure, customer indicators, or active incident-response targets without approval. Only set ABUSEIPDB_KEY when you intentionally want the optional AbuseIPDB reputation check.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly sends user-supplied IPs/hostnames to multiple third-party services (ip-api.com, ipwho.is, dns.google, RDAP providers, and optionally AbuseIPDB) but does not clearly warn users that these indicators will leave the local environment. This can expose sensitive investigation targets, internal infrastructure identifiers, or customer data to external parties, which is especially risky in security and incident-response workflows.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script transmits user-supplied IP addresses and resolved hostnames to multiple third-party services (ip-api.com, ipwho.is, ARIN/RIPE, and Google DNS) but does not clearly warn users at the point of use that their query data will leave the local environment. In a security-tool context, queried indicators can be sensitive investigation data, so silent external transmission can leak targets, internal hostnames, or analyst activity to outside services.

VirusTotal

65/65 vendors flagged this skill as clean.
