Clawdship

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate deployment helper, but it should be reviewed before installation: it can upload local files, create publicly hosted resources, and expose deletion and payment-related operations without strong guardrails.

Install only if you are comfortable with an agent uploading selected project files to clawdship.dev and creating hosted resources there. Deploy from a clean build directory such as ./dist, exclude .env files and secrets, keep the returned API key private, verify CLAWDSHIP_API is not set unexpectedly, and require explicit confirmation before deploys, redeploys, custom-domain changes, deletions, or credit top-ups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and demonstrates shell execution via bash, curl, and tar, but the manifest does not declare corresponding permissions or capabilities beyond metadata hints. Hidden or undeclared shell/network behavior reduces transparency for users and orchestrators, making it easier for the skill to run commands that package local files and transmit them externally without an explicit trust decision.

Tp4

High
Category
MCP Tool Poisoning
Confidence
78% confidence
Finding
The description understates important behaviors: handling unrecoverable API keys, returning billing links, and exposing site-management and deletion operations. Behavior-description mismatches can cause users or agents to invoke the skill under false assumptions, leading to unexpected credential handling, charges, or destructive actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation phrases are very broad, such as 'deploy', 'host', 'publish site', and 'ship it', which increases the chance the skill is invoked in contexts the user did not intend. Because the skill can package files, create paid hosting resources, and manage remote sites, over-broad triggering materially raises the risk of accidental data transmission or unwanted charges.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation includes a direct site deletion command with no warning, confirmation requirement, or guardrails. In an agent context, presenting destructive API calls as routine examples can lead to accidental or automated deletion of production sites if the skill is invoked or adapted carelessly.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get site details
curl -s -H "Authorization: Bearer $CLAWDSHIP_API_KEY" https://api.clawdship.dev/v1/sites/SITE_ID

# Redeploy
curl -s -X POST -H "Authorization: Bearer $CLAWDSHIP_API_KEY" https://api.clawdship.dev/v1/sites/SITE_ID/redeploy

# Delete
curl -s -X DELETE -H "Authorization: Bearer $CLAWDSHIP_API_KEY" https://api.clawdship.dev/v1/sites/SITE_ID
```
Confidence
82% confidence
Finding
https://api.clawdship.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Top up credits — returns 402 with x402 payment instructions
curl -X POST -H "Authorization: Bearer $CLAWDSHIP_API_KEY" \
  https://api.clawdship.dev/v1/credits/topup/5

# Amounts: $5, $10, $20, $50
# Requires: x402-compatible SDK + USDC on Base (chain 8453)
```
Confidence
77% confidence
Finding
https://api.clawdship.dev/

VirusTotal

66/66 vendors reported this skill as clean.
