Provides a file management service and transfers files through that file management service

Security checks across malware telemetry and agentic risk

Overview

This file-transfer skill is mostly purpose-aligned, but users should review it because it packages a FileManager AppKey and encourages network-exposed file sharing with limited safety guidance.

Install only if you control and trust the FileManager service. Replace and rotate the packaged AppKey, bind the service to localhost unless remote exposure is intentional, use firewall/TLS or a trusted tunnel for remote access, avoid putting real share passwords in shell commands, and treat downloaded files as untrusted until inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger conditions are broad: the skill applies whenever files move between the agent environment and the user, including remote sending, sharing, and downloading from links. Without sharper boundaries, the agent may invoke this skill in situations where file transfer is unnecessary or unsafe, increasing the chance of accidental data disclosure or importing untrusted content.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill covers uploading, downloading, and creating share links, but it does not explicitly warn that these operations move user or local data to a remote service and may write files to disk. That omission can lead to silent exfiltration of local artifacts, unsafe ingestion of untrusted files, or user surprise about where data is stored and how long it remains accessible.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly instructs operators to bind the file transfer service to 0.0.0.0 and later notes it may be exposed through tunnels, reverse proxies, VPNs, or public addresses, but it does not pair this with clear security guidance such as restricting access, enabling authentication hardening, or avoiding public exposure by default. In the context of a file-management service that handles uploads/downloads and uses an AppKey, network exposure materially increases the risk of unauthorized access, data leakage, or abuse if the service is misconfigured or the key is weak or leaked.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation instructs operators to upload files to a remote FileManager service and distribute generated share URLs and passwords, but it does not clearly warn that file contents leave the local environment or that the resulting link/password pair grants access to the uploaded data. This omission can cause accidental disclosure of sensitive files or mishandling of access credentials, especially in an agent workflow where users may assume actions are local or ephemeral.

VirusTotal

66/66 vendors flagged this skill as clean.
