StormProof — NOAA Hurricane Weather Lookup

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate storm-data purpose, but it sends and logs street addresses through a third-party service while several examples skip the stated consent step.

Review this before installing if you may ask about personal properties or insurance claims. The service needs a street address and date to work and states that it logs those lookups, so the agent should ask for clear permission before the first lookup in each conversation. The skill author should update all examples to show that consent step before the tool is called.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly requires user consent before transmitting a street address to a third-party endpoint, yet the example workflow omits that step and normalizes sending PII immediately. In practice, examples strongly shape agent behavior, so this creates a real risk of unauthorized disclosure of a user's home address and storm-loss date to an external service despite the documented privacy requirement.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
These examples depict direct tool invocation after receiving address/date information without the mandated privacy notice and approval step. Because skills are often followed literally by downstream agents, the omission can operationally bypass the skill's own PII-transfer safeguard and lead to repeated third-party sharing without informed consent.

Vague Triggers

Medium
Confidence: 83%
Finding
Trigger terms such as 'storm' and 'gust' are broad enough to match many ordinary weather conversations, increasing the chance that this skill activates when the user did not intend a forensic address lookup. In this skill's context, over-triggering is more dangerous than usual because activation can lead to collection and external transmission of a precise street address to a third party.

Natural-Language Policy Violations

High
Confidence: 98%
Finding
This is a privacy-sequencing flaw: the example sends a street address to a third-party service before obtaining the explicitly required consent. Since the skill itself discloses logging and analytics tagging by the external operator, skipping consent undermines informed user choice and could expose sensitive residential or claim-related location data.

Natural-Language Policy Violations

High
Confidence: 97%
Finding
Additional examples reinforce behavior that bypasses the documented consent requirement for third-party PII transfer. Repetition across examples increases the likelihood that an agent implementer treats the consent text as optional boilerplate rather than a mandatory privacy control.

VirusTotal

VirusTotal findings are pending for this skill version.