Mentions Full

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent paid MentionsAPI client, but it has an under-disclosed API endpoint override that could send the API key and monitoring data to an arbitrary host.

Install only if you trust MentionsAPI and need paid AI brand visibility checks. Set MENTIONSAPI_KEY carefully, do not set MENTIONSAPI_URL unless you intentionally control that endpoint, and use watch_brand only with a trusted HTTPS webhook and a protected secret; confirm how to cancel monitors before enabling recurring checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tainted flow: 'req' from os.environ.get (line 86, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
                "Accept": "application/json",
            },
        )
        with urllib.request.urlopen(req, timeout=TIMEOUT_SECONDS) as resp:
            raw = resp.read().decode("utf-8")
            return json.loads(raw) if raw else {}
    except urllib.error.HTTPError as e:
Confidence: 96%
Finding:
with urllib.request.urlopen(req, timeout=TIMEOUT_SECONDS) as resp:

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill supports persistent monitoring that sends query/brand change data to a user-hosted webhook, but it does not warn users about the sensitivity of transmitted data, endpoint trust, replay/integrity validation, or safe handling of the webhook secret. This can lead to accidental disclosure of business intelligence, misconfigured public endpoints, or weak secret management that undermines webhook authenticity.

VirusTotal

65/65 vendors flagged this skill as clean.
