ClawHub

Claw Relay

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about setting up Tailscale routing, but it asks users to make a personal residential device the exit point for cloud agent traffic without enough risk, scope, or rollback guidance.

Install only if you deliberately want cloud or AI-agent traffic to appear from your residential IP. Prefer a dedicated device or isolated network, use Tailscale ACLs to limit who can use the exit node, monitor bandwidth and abuse reports, verify installers before running them, and know how to disable the exit node before enabling full-tunnel routing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly states that all VPS traffic will transparently egress through the user's residential laptop/IP, but it does not warn about the resulting privacy, attribution, bandwidth, and device-exposure implications. This can cause users to unknowingly route sensitive or high-risk agent activity through their home connection, making abuse complaints, monitoring, or legal/operational consequences land on the residential user.

External Script Fetching

High
Category
Supply Chain
Content
**Linux:**
```bash
curl -fsSL https://tailscale.com/install.sh | sh
```

### 2. Enable as exit node
Confidence
96% confidence
Finding
curl -fsSL https://tailscale.com/install.sh | sh

External Script Fetching

High
Category
Supply Chain
Content
### 1. Install Tailscale

```bash
curl -fsSL https://tailscale.com/install.sh | sh
```

### 2. Join the tailnet and set exit node
Confidence
96% confidence
Finding
curl -fsSL https://tailscale.com/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
**Linux:**
```bash
curl -fsSL https://tailscale.com/install.sh | sh
```

### 2. Enable as exit node
Confidence
95% confidence
Finding
| sh

Chaining Abuse

High
Category
Tool Misuse
Content
### 1. Install Tailscale

```bash
curl -fsSL https://tailscale.com/install.sh | sh
```

### 2. Join the tailnet and set exit node
Confidence
95% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal