Site Cloner

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not clearly malicious, but it can clone arbitrary websites and includes under-scoped publishing steps that could modify real infrastructure or push copied content externally.

Install only if you intend to use it for sites you own or have explicit permission to reproduce. Treat the VPS and GitHub sections as unsafe defaults: replace hard-coded destinations, avoid root deployment, confirm every remote write, and review cloned content before publishing it anywhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill embeds a concrete deployment path to a specific VPS, including a hard-coded IP address, root login, and a local SSH key path. That goes beyond website cloning and creates an operational path for publishing data to an external server, increasing the chance of unauthorized deployment, secret misuse, or accidental exfiltration if the skill is invoked in the wrong context.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The GitHub publishing steps add account-level side effects unrelated to the core function of extracting a site's HTML. If triggered, the skill can create repositories and push potentially sensitive or copyrighted cloned content to a remote account, expanding impact from local processing to persistent external publication.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad enough that normal requests about copying or recreating a website could invoke a skill that performs scraping, asset downloading, local file creation, and optional external deployment. In this skill's context, overbroad activation is more dangerous because the downstream actions are high-impact and can operate on third-party sites and external services.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill includes file writes, network downloads, SSH/SCP transfers, nginx configuration changes, and GitHub pushes without clear user-facing warnings or confirmation checkpoints. Because these are state-changing operations with external side effects, lack of safety prompts materially increases the risk of accidental publication, infrastructure modification, or mishandling of third-party content.

VirusTotal

66/66 vendors flagged this skill as clean.
