Javascript Sdk

Security checks across malware telemetry and agentic risk

Overview

This is a real JavaScript SDK documentation skill, but it needs review because it grants broad Node/npm command use and includes unsafe copy-paste examples for credentials, uploads, public files, browser automation, and eval-based tool handling.

Review before installing. Use this skill only when intentionally working with @inferencesh/sdk, and:
  • approve npm/npx/node commands case by case;
  • keep API keys server-side and never put a real key in a NEXT_PUBLIC_* variable;
  • upload only intended, non-sensitive files and never set public: true on private data;
  • replace the eval-based tool-handler example with a safe parser;
  • validate, or require approval for, webhook destinations and browser-automation actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium, 97% confidence
Finding
The document correctly advises never exposing API keys in browser code, but the local testing example later recommends `NEXT_PUBLIC_INFERENCE_API_KEY` in the client configuration during development. In Next.js, `NEXT_PUBLIC_*` variables are deliberately inlined into the client bundle at build time, so anyone who can load the app can read the value. The guidance therefore normalizes credential exposure and invites accidental use of real or reusable keys in browser-accessible code.

Missing User Warnings

Medium, 93% confidence
Finding
The file upload examples show local-path and browser file uploads without explicitly warning that selected files are transmitted to a remote inference service. In a skill context, users may copy examples verbatim and unintentionally exfiltrate sensitive local or browser-selected data, especially because the examples normalize direct upload flows.

Missing User Warnings

Medium, 91% confidence
Finding
The webhook example demonstrates sending data to an external URL and attaching a secret, but it does not clearly warn that tool inputs may be transmitted to a third-party service. In an agent/tooling context, this can cause unintended outbound disclosure of prompts, messages, or sensitive operational data if developers adopt the pattern without adding consent and data-classification controls.
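The controls this finding asks for, as an added example that is not the skill's or the SDK's own code: an allowlist that strips prompts and credentials from the payload before it leaves the host, HMAC signing with the shared secret, and receiver-side verification with a replay window and a constant-time compare. The header layout `t=<unix seconds>,v1=<hex hmac>`, the field names in `FORWARD_KEYS` and the sample event are assumptions for the demonstration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Added example, not the SDK's webhook format: redact before sending, sign the
// body with the shared secret, verify on the receiving side with a replay window.

const FORWARD_KEYS = ['jobId', 'status', 'outputUrl'];   // assumed field names; only these leave the host

// Data-classification step: an allowlist beats a blocklist of secrets because any
// new field (prompt, messages, headers) is dropped by default.
function redactForWebhook(payload: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const k of FORWARD_KEYS) {
    if (k in payload) out[k] = payload[k];
  }
  return out;
}

// Sender side: timestamp is bound into the MAC so a captured delivery cannot be replayed later.
function signWebhook(secret: string, body: string, unixSeconds: number): string {
  const mac = createHmac('sha256', secret).update(`${unixSeconds}.${body}`).digest('hex');
  return `t=${unixSeconds},v1=${mac}`;
}

function parseSignatureHeader(header: string): { t?: string; v1?: string } {
  const out: { t?: string; v1?: string } = {};
  for (const part of header.split(',')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const key = part.slice(0, idx);
    const value = part.slice(idx + 1);
    if (key === 't') out.t = value;
    else if (key === 'v1') out.v1 = value;
  }
  return out;
}

// Receiver side: reject stale timestamps, then compare digests in constant time.
function verifyWebhook(secret: string, body: string, header: string, nowUnixSeconds: number, toleranceSeconds = 300): boolean {
  const parts = parseSignatureHeader(header);
  const ts = Number(parts.t);
  if (!Number.isFinite(ts) || Math.abs(nowUnixSeconds - ts) > toleranceSeconds) return false;
  const expected = createHmac('sha256', secret).update(`${ts}.${body}`).digest();
  const given = Buffer.from(parts.v1 ?? '', 'hex');   // malformed hex yields a short buffer, so the length check fails
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed job-completion event, as an SDK-side sender might hand to the webhook code.
const sampleEvent: Record<string, unknown> = {
  jobId: 'job_123',
  status: 'succeeded',
  outputUrl: 'https://files.example.invalid/out.png',
  prompt: 'confidential customer text',   // must not leave the host
  apiKey: 'sk_test_123',                  // must not leave the host
};
```

The allowlist is the part developers most often skip: signing proves who sent the payload, but it does nothing about what is in it.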

Missing User Warnings

Medium, 91% confidence
Finding
The conversation memory example persists full chat history to a local file without any warning, minimization, access control, or guidance on handling sensitive content. In an SDK reference, this can lead developers to copy a pattern that stores prompts, model outputs, secrets, or personal data in plaintext on disk, creating privacy and data exposure risk.
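A minimal memory store with the minimization the finding asks for, as an added example that is not the skill's or the SDK's own code: the system prompt is never written, history is capped, secret-shaped strings are masked, and the file is created owner-only (mode 0600). The message shape, the key formats in `SECRET_PATTERNS` and the sample conversation are assumptions for the demonstration.

```typescript
import { mkdtempSync, readFileSync, writeFileSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';

// Added example, not the SDK's memory pattern: minimize and redact before persisting.

interface Message { role: 'system' | 'user' | 'assistant'; content: string; }

const SECRET_PATTERNS: RegExp[] = [
  /\b(?:sk|pk)_[A-Za-z0-9_]{8,}\b/g,     // prefixed API keys (assumed shape)
  /\bBearer\s+[A-Za-z0-9._-]{16,}/g,     // bearer tokens pasted into chat
  /\b\d{3}-\d{2}-\d{4}\b/g,              // US SSN-shaped numbers
];

function redact(text: string): string {
  return SECRET_PATTERNS.reduce((acc, re) => acc.replace(re, '[redacted]'), text);
}

// Minimize before persisting: drop the system prompt, keep only the last N messages, mask secrets.
function prepareForDisk(history: Message[], maxMessages: number): Message[] {
  return history
    .filter((m) => m.role !== 'system')
    .slice(-maxMessages)
    .map((m) => ({ role: m.role, content: redact(m.content) }));
}

// mode 0o600: readable by the owning user only, not by other accounts on the host.
function saveHistory(path: string, history: Message[], maxMessages = 50): void {
  writeFileSync(path, JSON.stringify(prepareForDisk(history, maxMessages), null, 2), { mode: 0o600 });
}

function loadHistory(path: string): Message[] {
  return JSON.parse(readFileSync(path, 'utf8')) as Message[];
}

// Constructed conversation round-tripped through a temporary file.
function demoMemory(): Message[] {
  const file = join(mkdtempSync(join(tmpdir(), 'memory-')), 'history.json');
  saveHistory(file, [
    { role: 'system', content: 'You are a helpful assistant.' },
    { role: 'user', content: 'old turn that should be trimmed' },
    { role: 'user', content: 'use my key sk_live_ABCDEFGH123 and SSN 123-45-6789' },
    { role: 'assistant', content: 'Done.' },
  ], 2);
  return loadHistory(file);
}
```

Pattern-based redaction is a backstop, not a guarantee: the real control is deciding which content is worth keeping at all, which is why the cap and the system-prompt drop come first.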

Missing User Warnings

Medium, 90% confidence
Finding
The documentation promotes automatic upload of local file paths in Node.js without clearly warning that passing a path causes the file contents to be transmitted to a remote service. This can lead developers to unintentionally exfiltrate sensitive local files if user-controlled paths or mistaken paths are supplied.

Missing User Warnings

High, 97% confidence
Finding
The `public: true` option is documented as a normal upload setting without a prominent warning that it makes uploaded content publicly accessible. Developers may enable it for convenience and accidentally expose sensitive documents, images, or customer data through world-accessible URLs.

Missing User Warnings

Medium, 88% confidence
Finding
The `FileUpload` example automatically sends a user-selected file to a remote service via `client.uploadFile(file)` immediately after selection, without any explicit notice, consent step, or description of where the file is sent and how it will be handled. In a React/frontend SDK reference, developers may copy this pattern directly into production UIs, creating a privacy and compliance risk for sensitive files such as documents, images, or personal data.

Missing User Warnings

Medium, 98% confidence
Finding
The markdown suggests a public frontend API key for development without clearly warning that this exposes the credential to anyone using the app or inspecting network traffic/bundled code. Because this file is specifically about secure proxying, the contradictory example is more dangerous: readers are likely to copy it into real projects and later reuse non-development keys or deploy the pattern by mistake.
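A build-time check for the pattern in this finding and in the Intent-Code Divergence finding above, as an added example that is not the skill's or the SDK's own code. It assumes that any variable with a client prefix is inlined into the browser bundle (true of Next.js's `NEXT_PUBLIC_`, Vite's `VITE_` and Create React App's `REACT_APP_`); the credential name/value patterns are heuristics, and `INFERENCE_API_KEY`, `/api/inference` and the sample environment are assumptions for the demonstration.

```typescript
// Added example, not from the skill or the SDK docs: refuse to ship a build whose
// client-exposed environment variables look like credentials.

const CLIENT_PREFIXES = ['NEXT_PUBLIC_', 'VITE_', 'REACT_APP_'];   // inlined into the bundle
const CREDENTIAL_NAME = /(API[_-]?KEY|SECRET|TOKEN|PASSWORD|PRIVATE[_-]?KEY)/i;
const CREDENTIAL_VALUE = /^(sk|pk|key|tok|token)[_-]/i;            // common key prefixes; heuristic only

interface EnvFinding { name: string; reason: string; }

// Returns every variable that would reach the browser and looks like a credential.
function auditClientEnv(env: Record<string, string | undefined>): EnvFinding[] {
  const findings: EnvFinding[] = [];
  for (const name of Object.keys(env)) {
    const prefix = CLIENT_PREFIXES.filter((p) => name.startsWith(p))[0];
    if (prefix === undefined) continue;                 // server-only variable, never bundled
    const value = env[name] ?? '';
    if (CREDENTIAL_NAME.test(name)) {
      findings.push({ name, reason: `${prefix} variable with a credential-like name` });
    } else if (CREDENTIAL_VALUE.test(value)) {
      findings.push({ name, reason: `${prefix} variable whose value looks like an API key` });
    }
  }
  return findings;
}

// The proxy pattern the document otherwise recommends: the key is read on the
// server only and the browser calls a route (hypothetical /api/inference) that holds it.
function serverInferenceConfig(env: Record<string, string | undefined>): { apiKey: string; proxyPath: string } {
  const apiKey = env.INFERENCE_API_KEY;                 // assumed server-side variable name
  if (!apiKey) throw new Error('INFERENCE_API_KEY is not set; do not fall back to a NEXT_PUBLIC_* key');
  return { apiKey, proxyPath: '/api/inference' };
}

// Constructed .env.local of the kind the finding warns about.
const sampleEnv: Record<string, string> = {
  NEXT_PUBLIC_INFERENCE_API_KEY: 'sk_test_0123456789',   // flagged by name: leaks into the bundle
  NEXT_PUBLIC_UPLOADER: 'pk_live_xyz',                   // flagged by value shape
  NEXT_PUBLIC_APP_NAME: 'demo',                          // harmless
  INFERENCE_API_KEY: 'sk_test_0123456789',               // server-only, fine
};
```

Run `auditClientEnv(process.env)` in CI and fail the build on any finding; a "development only" exception is exactly how the finding says real keys end up in production bundles.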

Missing User Warnings

Medium, 82% confidence
Finding
The browser automation examples show actions like navigating, clicking, typing, and taking screenshots against external sites without any warning, consent boundary, or validation guidance. In a session-oriented API, this can normalize building flows that submit user-provided data to third-party websites or perform state-changing actions, increasing risk of unintended transactions, data leakage, or abuse if copied into production code.
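A policy gate that every browser-automation action passes through before execution, as an added example that is not the SDK's session API. It enforces a hostname allowlist (matched on the parsed hostname, so `https://example.com@evil.net/` and `example.com.evil.net` are rejected), requires `https:`, and routes state-changing actions to a human approval step. The action shape, policy shape and `demoPolicy` are assumptions for the demonstration.

```typescript
// Added example, not the SDK's API: decide whether a browser action may run.

type ActionType = 'navigate' | 'click' | 'type' | 'screenshot';
interface BrowserAction { type: ActionType; url?: string; selector?: string; text?: string; }

interface ActionPolicy {
  allowedHosts: string[];        // exact hostname matches; list subdomains explicitly
  needsApproval: ActionType[];   // state-changing actions a human must confirm
}

type Decision =
  | { allow: true }
  | { allow: false; reason: string }
  | { allow: 'needs-approval'; reason: string };

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch (_e) { return null; }
}

function decideAction(action: BrowserAction, currentHost: string | null, policy: ActionPolicy): Decision {
  if (action.type === 'navigate') {
    const url = parseUrl(action.url ?? '');
    if (url === null) return { allow: false, reason: 'unparseable URL' };
    if (url.protocol !== 'https:') return { allow: false, reason: `scheme ${url.protocol} not allowed` };
    // Compare the parsed hostname, never the raw string: the userinfo trick
    // "https://example.com@evil.net/" parses to hostname evil.net.
    if (policy.allowedHosts.indexOf(url.hostname) === -1) {
      return { allow: false, reason: `host ${url.hostname} not in allowlist` };
    }
    return { allow: true };
  }
  // Every other action acts on the page the session is currently on.
  if (currentHost === null || policy.allowedHosts.indexOf(currentHost) === -1) {
    return { allow: false, reason: 'current page is not on an allowlisted host' };
  }
  if (policy.needsApproval.indexOf(action.type) !== -1) {
    return { allow: 'needs-approval', reason: `${action.type} may change state on ${currentHost}` };
  }
  return { allow: true };
}

// Constructed policy: read-only browsing of one site; clicking and typing are gated.
const demoPolicy: ActionPolicy = { allowedHosts: ['example.com'], needsApproval: ['click', 'type'] };
```

`needs-approval` is where user-provided data meets a third-party form; whatever approval UI the agent has should show the target host and the text about to be typed before it resumes.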

Missing User Warnings

Medium, 97% confidence
Finding
The documentation enables `codeExecution(true)` and, separately, includes a tool-call handler example that evaluates `eval(call.args.expression)`. The expression is a tool argument chosen by the model, so anything that can steer the model (a prompt injection in retrieved content, a hostile user) can choose it too, and `eval` runs it with the full privileges of the Node process. In an agent/tooling context this is an arbitrary code execution path to the host, not a calculator.
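The unsafe handler beside its hardened replacement, as an added example that is not the skill's or the SDK's own code: a recursive-descent evaluator that accepts only numbers, `+ - * /` and parentheses, so a model-supplied string is either arithmetic or rejected before anything is evaluated. The tool-call shape `{ name, args: { expression } }` is assumed from the finding's `call.args.expression`; the two sample calls are constructed.

```typescript
// Added example, not from the skill or the SDK docs.

interface ToolCall { name: string; args: Record<string, unknown>; }

// UNSAFE (the pattern the finding describes): the model-chosen string runs with
// every privilege the Node process has.
function unsafeCalculator(call: ToolCall): unknown {
  return eval(String(call.args.expression));
}

// SAFE replacement: grammar is expr := term (('+'|'-') term)*, term := primary (('*'|'/') primary)*,
// primary := number | '(' expr ')' | '-' primary. Any other character fails tokenisation.
function safeCalculate(expression: string): number {
  if (expression.length > 200) throw new Error('expression too long');
  const matched = expression.match(/\s*(\d+(?:\.\d+)?|[-+*\/()])\s*/g);
  if (matched === null || matched.join('') !== expression) throw new Error('illegal token in expression');
  const toks: string[] = matched.map((t) => t.trim());
  let pos = 0;
  const peek = (): string | undefined => toks[pos];
  const next = (): string => {
    const t: string | undefined = toks[pos++];
    if (t === undefined) throw new Error('unexpected end of expression');
    return t;
  };
  function primary(): number {
    const t = next();
    if (t === '(') { const v = expr(); if (next() !== ')') throw new Error('expected )'); return v; }
    if (t === '-') return -primary();          // unary minus
    if (/^\d/.test(t)) return parseFloat(t);
    throw new Error(`unexpected token ${t}`);
  }
  function term(): number {
    let v = primary();
    while (peek() === '*' || peek() === '/') {
      const op = next();
      const r = primary();
      if (op === '/' && r === 0) throw new Error('division by zero');
      v = op === '*' ? v * r : v / r;
    }
    return v;
  }
  function expr(): number {
    let v = term();
    while (peek() === '+' || peek() === '-') {
      const op = next();
      const r = term();
      v = op === '+' ? v + r : v - r;
    }
    return v;
  }
  const result = expr();
  if (pos !== toks.length) throw new Error('trailing input');
  return result;
}

type ToolResult = { ok: true; value: number } | { ok: false; error: string };

// Hardened handler: validates the argument type, then parses; eval is never reached.
function safeCalculator(call: ToolCall): ToolResult {
  const e = call.args.expression;
  if (typeof e !== 'string') return { ok: false, error: 'expression must be a string' };
  try {
    return { ok: true, value: safeCalculate(e) };
  } catch (err) {
    return { ok: false, error: (err as Error).message };
  }
}

// Constructed tool calls: one a model emits for a real sum, one a prompt injection could emit.
const benignCall: ToolCall = { name: 'calculator', args: { expression: '(2 + 3) * 4 - 10 / 5' } };
const hostileCall: ToolCall = { name: 'calculator', args: { expression: "require('child_process').execSync('id')" } };

function compareHandlers(): { unsafeOnBenign: unknown; safeOnBenign: ToolResult; safeOnHostile: ToolResult } {
  return {
    unsafeOnBenign: unsafeCalculator(benignCall),   // eval happens to be harmless only because this input is arithmetic
    safeOnBenign: safeCalculator(benignCall),
    safeOnHostile: safeCalculator(hostileCall),     // rejected at tokenisation; nothing runs
  };
}
```

The hostile call is never passed to `unsafeCalculator` here; with `eval` it would execute a shell command in the agent's process.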

Missing User Warnings

Medium, 94% confidence
Finding
The documentation example sets `public: true` for uploaded files without any warning that the resulting file may be publicly accessible. In SDK reference material, users often copy examples directly; this can lead to unintended exposure of sensitive files, especially in frontend or agent contexts where uploaded content may include private user data.

Session Persistence

Medium, 82% confidence
Category: Rogue Agent
Content (the snippet from the skill that matched):
## Conversation Memory Pattern

Maintain context across sessions:

```typescript
import { inference } from '@inferencesh/sdk';
```
Finding
Maintain context across sessions

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal