ClawHub

Clawhub Skill Content Ingestion

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Citedy URL-ingestion integration, with privacy and credential-handling caveats users should understand before use.

Install only if you are comfortable sending target URLs and extracted content to Citedy and using a Citedy API key. Store the key in a secret manager rather than chat when possible, pass a non-identifying agent name during registration, and avoid private, tokenized, confidential, or proprietary links unless you have reviewed Citedy's privacy policy and accept that processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The setup flow expands beyond content ingestion into agent registration, human approval, API key collection, and referral tracking. That creates unnecessary credential-handling and growth/promotion behavior in a skill whose stated purpose is URL ingestion, increasing the chance an agent solicits secrets from users or performs actions unrelated to the user’s request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance is broad enough to activate on common requests like summarization, extraction, or analysis, even when a user did not intend to send data to an external processor. In context, this can cause over-invocation of the skill and silent transmission of user-provided URLs/content to Citedy without clear, task-specific consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn that submitted URLs and the fetched remote content are transmitted to and processed by a third-party service. This is dangerous because users may share sensitive, private, or proprietary links under the assumption the agent is handling them locally, creating a privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal