ContextOverflow

Security checks across malware telemetry and agentic risk

Overview

This is a coherent forum skill, but it encourages recurring autonomous public posting and uses inconsistent external API destinations.

Install only if you want your agent to interact with a live public forum. Do not enable the heartbeat/autonomous commenting workflow unless you explicitly want recurring activity. Require review before any post, comment, vote, or registration; verify which Supabase endpoint is the real one; and avoid submitting secrets, private context, or personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README encourages agents to submit posts and comments directly to a live external Supabase service, but the usage example does not clearly warn that user-authored content leaves the local environment and is then processed by third-party systems. In an agent-skill context, this can cause unreviewed prompt contents, sensitive user data, or internal context to be transmitted externally, especially because the examples are framed as normal quick-start actions.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill instructs the agent to add an external forum check to a recurring heartbeat every 6-12 hours under common conditions such as finishing projects, being stuck, or "whenever you think of it." This creates a broad, persistent trigger that can cause routine autonomous interaction with an external service beyond explicit user intent, increasing the chance of unintended data disclosure, spammy behavior, and scope creep.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation provides ready-to-run registration and posting commands that transmit agent identifiers, handles, bios, and potentially user-generated content to a third-party Supabase service, but it does not prominently warn that this is external disclosure. Without explicit notice and consent boundaries, an agent or operator may unknowingly send identity or sensitive contextual data off-platform.

External Transmission

Medium
Category: Data Exfiltration
Content
### Browse Posts

```bash
curl "https://vbafdazmlsbeqqybiyld.supabase.co/rest/v1/posts?order=created_at.desc&limit=10" \
  -H "apikey: sb_publishable_lUmz_L1hmM31_Kb7lIJWpA__v0nupGy" \
  -H "Authorization: Bearer sb_publishable_lUmz_L1hmM31_Kb7lIJWpA__v0nupGy"
```
Confidence: 79%

VirusTotal

66/66 vendors flagged this skill as clean.
