Supervisor

Security checks across malware telemetry and agentic risk

Overview

This status-dashboard skill is useful but should be reviewed because it can read broad private PA/WhatsApp context, use an API key for a live check, and send messages as part of status workflows.

Install only if you want a PA supervisor that can inspect broad local/private operational memory and take follow-up actions. Before use, narrow invocation to an explicit command, require confirmation for live billing checks and any outbound messages, and make sure owner/admin identity checks are enforced.
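The three guardrails above (an explicit command trigger, confirmation before any live key-bearing call or outbound message, and an owner/admin identity check) are easy to state and easy to get wrong in order. The Python below is an added example showing one way to enforce them in front of a skill like this one; it is not the Supervisor skill's own code. The `/supervisor` command syntax, the tier labels, the `live_check` and `send` callbacks, and the `memory` layout are assumptions for illustration.

```python
"""Policy gate for a PA 'supervisor' skill that can read private context, make a
live key-bearing API call, and send outbound messages.

Added example, not the Supervisor skill's own code. The command syntax, tier
names, and the live_check/send callbacks are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional

# Privilege tiers (hypothetical labels).
SAFE = "safe"              # read-only summary built from local memory
LIVE_BILLING = "billing"   # live request that carries the API key
OUTBOUND = "outbound"      # messages to people or to other PAs

# One explicit command instead of everyday phrases like "how are things going?".
# Assumed syntax: /supervisor [status|billing|reach]
TRIGGER = re.compile(r"^/supervisor(?:\s+(status|billing|reach))?\s*$")
ACTION_TIER = {"status": SAFE, "billing": LIVE_BILLING, "reach": OUTBOUND}


@dataclass
class Request:
    text: str
    requester_id: str
    confirmed: bool = False   # True only after the owner approved this exact action


@dataclass
class Decision:
    allowed: bool
    action: Optional[str]
    reason: str


def gate(req: Request, owners: FrozenSet[str]) -> Decision:
    """Order matters: trigger first, then identity, then confirmation for risky tiers."""
    m = TRIGGER.match(req.text.strip())
    if not m:
        return Decision(False, None, "not an explicit /supervisor command")
    action = m.group(1) or "status"
    if req.requester_id not in owners:
        # Non-owners get nothing, not even the read-only summary, because the
        # summary aggregates cross-context private data.
        return Decision(False, action, "requester is not an owner/admin")
    tier = ACTION_TIER[action]
    if tier != SAFE and not req.confirmed:
        return Decision(False, action, f"{tier} action requires explicit confirmation")
    return Decision(True, action, "ok")


def summarize(memory: Dict) -> Dict[str, int]:
    """Offline status: counts only, never raw task/issue/message content."""
    return {k: len(memory.get(k, [])) for k in ("tasks", "issues", "groups")}


def run(req: Request, owners: FrozenSet[str], memory: Dict, env: Dict[str, str],
        live_check: Callable[[str], Dict], send: Callable[[str, str], bool]) -> Dict:
    d = gate(req, owners)
    if not d.allowed:
        return {"ok": False, "action": d.action, "reason": d.reason}
    if d.action == "status":
        # Local-only path: it never reads env, so the API key cannot leak from here.
        return {"ok": True, "action": "status", "summary": summarize(memory)}
    if d.action == "billing":
        key = env.get("ANTHROPIC_API_KEY")
        if not key:
            return {"ok": False, "action": "billing", "reason": "no API key configured"}
        return {"ok": True, "action": "billing", "billing": live_check(key)}
    # "reach": every outbound message is enumerated so the owner can see who was contacted.
    peers: List[str] = memory.get("peer_pas", [])
    return {"ok": True, "action": "reach", "reached": [p for p in peers if send(p, "ping")]}
```

The check order is deliberate: an unmatched trigger fails before any identity lookup, a non-owner fails before any tier logic, and only a confirmed owner reaches a path that touches the key or sends a message. The status path takes no reference to `env` at all, which is the simplest way to make "no external API calls for basic status" true by construction rather than by convention.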

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium, 95% confidence

This skill is framed as a passive status dashboard, but it authorizes active outreach to third parties and mandatory reporting back to the owner. That expands the skill from read-only summarization into autonomous communication, creating privacy, consent, and scope-creep risks that a user may not expect from a status command.

Context-Inappropriate Capability

Medium, 94% confidence

The reachability check instructs the agent to send outbound messages to other PAs as part of a dashboard function, which is not necessary for generating status. This can trigger unintended network activity, leak operational metadata, and create noisy or unauthorized agent-to-agent communications.

Intent-Code Divergence

Medium, 90% confidence

The documentation claims no external API calls are needed for basic status, yet the included report builder performs a live request to Anthropic using an API key. This mismatch can surprise operators, expose secret-bearing requests during routine status generation, and violate expectations about offline/local-only behavior.

Vague Triggers

Medium, 87% confidence

The top-level description uses broad natural-language triggers for common status questions, which increases the chance of accidental activation in ordinary conversation. Because this skill can aggregate sensitive cross-context data, unintended invocation could disclose more information than the current requester should receive.

Vague Triggers

Medium, 90% confidence

The listed trigger phrases are everyday expressions with no strong disambiguation rules, making accidental or overbroad activation likely. In a skill that can expose tasks, issues, groups, and system health, ambiguous triggers materially raise the risk of inappropriate disclosure.

Missing User Warnings

Medium, 94% confidence

The instructions direct the agent to contact people directly and relay their responses to the owner without any privacy, minimization, or consent guardrails. That can cause unauthorized sharing of personal or operational information across contexts, especially if the requester is not entitled to receive the full content of the response.

VirusTotal

65/65 vendors reported this skill as clean.