Ccsinfo

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned, but its default setup can expose private Claude Code session history on the network without enough access-control guidance.

Review before installing. Use this only with a ccsinfo server you control, prefer binding the server to 127.0.0.1 or a private VPN instead of 0.0.0.0, avoid plain HTTP on shared networks, and add firewall or authentication controls if available. Treat retrieved session text as sensitive and untrusted, because it may contain prompts, tool outputs, code, secrets, and old instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 88% confidence
Finding
The README instructs users to expose and query Claude Code session data from a remote server, including binding the server to 0.0.0.0 and configuring a plain HTTP endpoint, but provides no warning about the sensitivity of session contents or the privacy/security risks of remote access. Because session histories, prompts, tool calls, and tasks can contain secrets or proprietary data, normalizing remote access without safeguards increases the chance of unintended data exposure.

Missing User Warnings

Medium, 91% confidence
Finding
The skill explicitly queries Claude Code session data from a remote server, which can include sensitive conversation history, prompts, and tool-call metadata, but the description does not warn users about the privacy and network exposure implications. This increases the chance that users will invoke the skill without understanding that sensitive session data may be transmitted off-host.

Missing User Warnings

High, 98% confidence
Finding
The setup instructions tell users to start the server on 0.0.0.0 and describe it as accessible on the LAN, while the server exposes data from ~/.claude/projects/ via a REST API. Binding to all interfaces without an explicit warning or access-control guidance can expose highly sensitive session data to other devices on the network and materially increases the likelihood of unauthorized access.

Missing User Warnings

Low, 87% confidence
Finding
The reference states that commands automatically use $CCSINFO_SERVER_URL but does not clearly warn users that invoking these commands may send sensitive session metadata, message history, prompts, and tool-call data to a remote server. In a skill explicitly designed to inspect Claude Code session data, this omission increases the risk of accidental disclosure to an unexpected, attacker-controlled, or misconfigured endpoint.

VirusTotal

64/64 vendors flagged this skill as clean.
