Geopolitical Analyst

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at geopolitical analysis, but its main documentation materially understates external data sharing, optional credentials, missing advertised runtime files, and local tracking behavior.

Install only if you are comfortable with the skill sending your topic, country, and optional ACLED credentials to external public APIs. Treat its outputs as analytical assistance, not authoritative intelligence; review the sanctions-evasion and speculative modules carefully, and require confirmation before any tracking_log.jsonl write. The publisher should correct the documentation, remove unsupported file claims, disclose data flows and credential use, and pin dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill description materially misrepresents behavior by claiming no API keys are required and advertising a broad local analytical framework, while the implementation reportedly uses external data fetches, optional ACLED credentials, and a narrower fetch-and-summarize workflow. Misleading capability and data-flow claims undermine informed consent, can cause operators to expose credentials unexpectedly, and hide the true privacy and operational risk profile of the skill.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
The document explicitly instructs the agent to update a persistent file (`tracking_log.jsonl`), which crosses from passive reference material into state-changing behavior. In an agentic environment, even a low-risk write instruction can create unauthorized local data modification, unexpected persistence, or contamination of later analyses if executed automatically.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger condition 'forward-looking assessments (Scenario modeling, Causal Chains)' is broad enough that this module may activate in many loosely related contexts, causing the agent to inject speculative AI-geopolitics framing when it was not explicitly requested. In a live intelligence skill with many modules and real-time integration, such underspecified activation can skew outputs, amplify conjecture, and reduce reliability of high-stakes geopolitical analysis.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The markdown tells the agent to update a local tracking log without any warning or confirmation step, which can cause silent modification of local state. Even though the target file appears operationally relevant, hidden writes are unsafe because users may not expect reference content to trigger persistence or alter workspace data.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger text says the module is used in broad situations like actor mapping and output generation, but it does not define concrete conditions, inputs, or limits for activation. In an agentic system, vague activation boundaries can cause over-triggering or inappropriate use of this perspective module, which may inject biased or speculative geopolitical framing into unrelated tasks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dateutil>=2.8.2
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dateutil>=2.8.2
Confidence
95% confidence
Finding
python-dateutil>=2.8.2

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
