ClawHub

Intel Synthesis

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as an intelligence briefing workflow, but it also sends generated PDFs to fixed external email addresses using a configured email account without a clear approval step.

Install only if you control the input directory, /Volumes/Intel output area, LaTeX template, and himalaya email account. Before use, remove or replace the hard-coded recipients, require a final confirmation before any email is sent, and review generated PDFs before dispatch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to read a prior briefing from a fixed absolute path outside the user-provided target directory, which expands access beyond the apparent task scope. This can cause unanticipated disclosure of local sensitive files and violates least-privilege expectations, especially in an agent environment where users may assume only the supplied directory is read.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs writing generated outputs to a fixed filesystem location without explicit user consent, which can create or overwrite files outside the requested workspace. In agent workflows, silent writes to local absolute paths are dangerous because they can modify persistent data, leak processed intelligence into unintended locations, or clobber existing documents.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill contains hard-coded external email recipients and instructs dispatch of generated briefings without any consent gate, which creates a clear data-exfiltration path. Given the content is intelligence reporting compiled from local files, automatic emailing to fixed addresses could disclose sensitive or private material to external parties without the operator's knowledge or approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal