Net Detective

Security checks across malware telemetry and agentic risk

Overview

Net Detective is a legitimate network diagnostic skill, but its tests and reports can expose local network details that users should review before sharing.

Install only if you are comfortable running active network diagnostics. Expect traffic to public DNS providers, ping/traceroute targets, and optionally Cloudflare speed-test endpoints. Review or redact generated JSON and markdown reports before sharing them, especially hostname, local IP, gateway, and traceroute hop details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The description includes broad trigger phrases like 'internet problems' and 'connection issues' that can match many ordinary support requests and cause the skill to run in situations where the user did not explicitly consent to active network diagnostics. In this skill's context, that matters because execution can perform traceroute, DNS queries, and optional speed tests, which generate external network traffic and may reveal network characteristics.

Missing User Warnings

Medium
Confidence: 97%
Finding
The workflow instructs the agent to run diagnostics that contact external resolvers and likely remote endpoints for traceroute and speed measurement, and it also records results to history, but the skill does not clearly warn about these behaviors. This omission can lead to uninformed execution, exposing network metadata, creating persistent local records, and surprising users in privacy-sensitive or metered environments.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script performs traceroute by default and includes raw hop-by-hop path data in its JSON output without any explicit warning, minimization, or consent gate. That can expose internal or sensitive network topology, intermediate private infrastructure names/IPs, and routing details to any caller or downstream logger consuming the skill output.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script collects hostname, local IP, and default gateway and emits them in the final JSON without any notice or data-minimization controls. In an agent skill context, that local network metadata can reveal device identity and internal addressing that may be sensitive, especially if outputs are logged, shared, or sent to another system.

VirusTotal

66/66 vendors flagged this skill as clean.
