ClawHub

Notilens Clawhub Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward NotiLens alerting plugin that sends caller-provided notification messages and metadata to NotiLens when its functions are used.

Install this only if you want agents or scripts to send notifications to NotiLens. Use a dedicated NotiLens token and secret, and do not place secrets, raw prompts, customer data, private URLs, or sensitive error text in message, URL, or meta fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly requires environment secrets (`NOTILENS_TOKEN`, `NOTILENS_SECRET`) and is designed to send notifications to an external service, which implies network and env access despite no declared permissions. This creates a transparency and policy gap: users and hosting platforms may not realize the skill can exfiltrate task data, metadata, and links off-system.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The available functions encourage sending `message`, `meta`, URLs, task IDs, error details, and lifecycle events to NotiLens, but the skill description does not warn users that operational data may leave the local environment. In agent contexts, these fields can contain sensitive prompts, internal URLs, identifiers, or error content, so the omission increases the risk of unintended data disclosure.

Vague Triggers

Low
Confidence
74% confidence
Finding
The skill exposes many event-sending actions and has network plus secret access, but the descriptions do not state when these should not be called or what data must not be transmitted. In agentic environments, vague invocation criteria can lead to excessive or unintended notifications, including leakage of task metadata, links, errors, or user-related context to an external service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal