Agent Fact Check Verify

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fact-checking skill with expected external search behavior, but users should avoid submitting private text and protect any optional social-media cookies.

Install only for public fact-checking workflows. Do not paste private messages, confidential drafts, secrets, or sensitive allegations unless you are comfortable with searches against external providers; configure Tavily and optional X/Reddit CLI credentials deliberately, using low-privilege accounts and protected cookie storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The skill claims rigorous multi-source fact checking with mandatory Tavily-first search and fallback behavior, but the analysis indicates it does not actually perform those external lookups and instead scores supplied evidence offline. This can mislead users into trusting outputs as independently verified when they may simply reflect unverified or attacker-provided input, creating a serious integrity and misinformation risk.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger phrases are very broad for a skill that performs external fact-checking workflows, so ordinary user language could invoke the skill unintentionally. That can cause unexpected data transmission to search providers or third-party CLIs and may also override a more appropriate skill selection path, creating privacy and control risks rather than direct code-execution risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README describes sending claims through external search services and optional Twitter/Reddit CLIs, but it does not provide a user-facing notice that user-supplied text may be transmitted to third parties. In a fact-checking context, users may paste private messages, drafts, or sensitive allegations, so silent forwarding creates a meaningful privacy and compliance risk.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The activation phrases are broad enough to match common user language such as 'verify' or 'is this true,' which can cause the skill to trigger in routine conversations without clear user intent to invoke this workflow. In an agent setting, overly eager activation can override normal routing, increase unnecessary external searches, and create privacy or cost issues by sending benign content into a fact-check pipeline.

Natural-Language Policy Violations

Severity: Low
Confidence: 72%
Finding: The README states the skill should be activated first when certain phrases appear in multiple languages, which removes user opt-in and can force this skill ahead of other more appropriate behaviors. While not directly enabling code execution or data exfiltration, it can cause misrouting, unnecessary search activity, and reduced user control over agent behavior.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The recommended trigger phrases are broad enough to match common conversational requests such as 'is this true?' or generic 'verify' language, which can cause the skill to activate outside the user's actual intent. In an agent setting, overly broad auto-activation can reroute benign queries into a fact-check workflow with enforced search and response constraints, creating prompt-routing abuse, unnecessary external lookups, and incorrect handling of non-fact-check tasks.

Natural-Language Policy Violations

Severity: Medium
Confidence: 83%
Finding: Hard-coding the output format in this Spanish README without offering language negotiation can cause the agent to answer in an unintended language, which is a control and usability weakness. In security-sensitive or high-stakes fact-checking contexts, forcing the wrong language can miscommunicate conclusions, disclaimers, or uncertainty and reduce the user's ability to validate the result.

VirusTotal

59/59 vendors flagged this skill as clean.