Agent Ui

Security checks across malware telemetry and agentic risk

Overview

This skill is a guide for installing an agent UI component. Installing it pulls in third-party code, exposes an API proxy route, accepts file and image uploads, and runs browser-side tools; each of those carries risks that users should review before production use.

Before installing, review the remote component and @inferencesh/sdk source, pin versions where practical, keep the inference API key server-side, protect the proxy route with authentication and rate limits, limit file/image uploads, disclose external provider data handling, and require user confirmation before browser-side tools read or modify sensitive form data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger list includes very broad terms such as 'ai assistant ui', 'copilot ui', and 'react agent', which can match many generic user requests and cause this skill to be invoked outside its intended scope. Over-broad activation increases the chance that a capability involving proxying, tools, or file handling is surfaced in contexts where the user did not explicitly request it.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill promotes file uploads, image uploads, API proxying, and client-side tools, but does not warn about data exposure, permission boundaries, or the risks of executing browser-side actions on behalf of an LLM. The omission matters more here because the component is explicitly agentic and supports human-in-the-loop and tool execution, which can encourage developers to deploy sensitive capabilities without safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.