ClawHub

ANSIClaw

Security checks across malware telemetry and agentic risk

Overview

ANSIClaw is a disclosed ANSI-art helper that uses a local drawing API and writes generated art files, with some practical consent and overwrite cautions.

Install only if you intend to run Clawbius locally and let the agent modify its canvas and save generated art. Before running bundled scripts, check the destination paths and filenames, and avoid using private or regulated images unless you understand how your agent processes image inputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to use the skill 'anytime the user asks for ANSI art, or when you want to create it on your own initiative' is overly broad and authorizes self-triggering without clear user consent boundaries. In context, that is risky because the skill also performs network calls and filesystem writes, so autonomous invocation can cause unintended side effects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README tells users to place arbitrary source images in the folder and states that Clawd will analyze them and produce output using the Clawbius API, but it does not warn that those images are transmitted to a third-party service. This can cause users to upload sensitive or copyrighted material without informed consent, creating privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally writes two files to ~/Desktop without prompting the user or making the destination explicit at runtime. While the content is benign ANSI art, unexpected filesystem writes are still risky behavior for an agent skill because they can clutter user environments, overwrite existing files, and violate user expectations about consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script unconditionally saves output files to ~/Desktop without prompting the user or allowing them to choose a destination. While this is not an exploit by itself, it performs a side effect on the local filesystem that may be unexpected, can overwrite user content if filenames collide, and leaks generated artifacts into a visible user location.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes files into the user's Documents directory automatically without any prompt, consent, or clear prior warning. Even though the filenames are fixed and not attacker-controlled here, unsolicited filesystem writes are risky in an agent context because they create side effects on the host and may overwrite user expectations or leak artifacts into synced folders.

External Transmission

Medium
Category
Data Exfiltration
Content
post("/api/file/save", {"path": ans_path})

r = requests.post(f"{BASE}/api/file/export/png", json={"path": png_path})
print("PNG export:", r.text[:80])
print(f"Saved: {ans_path}")
print("ALL DONE ✓")
Confidence
76% confidence
Finding
requests.post(f"{BASE}/api/file/export/png", json=

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal