Test Template Starter Pack

Security checks across malware telemetry and agentic risk

Overview

This is a local Python starter template with clean scan telemetry, but its production claims and example domains need careful security hardening before real use.

Safe to install as a local template, but do not treat it as production-ready. Before connecting real Telegram bots, CRMs, calendars, payment systems, bank statements, receipts, or customer data, add proper secret management, HTTPS/webhook validation, access controls, consent notices, data minimization, retention/deletion rules, audit logging, and confirmation steps for sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is marketed as a production-ready Telegram agent starter with CRM, routing, follow-up, and analytics, but the described behavior is only a local test template with placeholders and no real Telegram, deployment, CRM, or runtime integration. This mismatch can mislead users into deploying or trusting an incomplete system for business workflows, creating operational and security risk because expected controls, integrations, and production hardening may be absent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly instructs users to replace mock stores with real CRM, calendar, payment, and webhook integrations, but it provides no warning about sensitive data handling, credential storage, authentication, transport security, or third-party data transmission. In a starter pack for rapidly deploying Telegram agents, this omission can lead builders to connect live systems unsafely and expose customer data, payment metadata, or bot tokens.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The intent pattern includes the standalone trigger "help", which is an extremely broad everyday term and can cause accidental routing into the FAQ flow for unrelated user messages. In a customer-facing CRM/agent workflow, this increases the chance of misclassification, unintended automation, and incorrect downstream actions such as lead handling or follow-up behavior.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger terms are broad enough to match common conversational language, which can cause the agent to classify ordinary user messages into sensitive actions or workflows. In a tax assistant context, accidental activation can lead to unintended financial processing, reminders, or exposure of tax-related functions when users did not explicitly request them.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Several intent patterns such as generic help/how/what style triggers are underspecified and overlap heavily with normal chat behavior. In a Telegram bot handling tax, invoice, and bank-related workflows, ambiguous routing increases the risk of unintended data collection, wrong workflow execution, or confusing users into disclosing sensitive financial information.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Bank statement parsing and receipt scanning inherently involve sensitive financial and potentially personal data, yet the brief provides no notice about consent, storage, retention, or secure handling. In this skill context, that omission is more dangerous because the bot is explicitly positioned to ingest regulated financial information via Telegram, a channel where users may over-share if safeguards are not clearly communicated.

Missing User Warnings

Low
Confidence
77% confidence
Finding
Automated follow-up and inactivity messages imply behavioral tracking and deadline monitoring, but the brief does not disclose that user activity and timing data may be stored and used for outreach. While not inherently malicious, undisclosed monitoring in a tax-assistant context can erode user trust and create privacy/compliance issues if users did not knowingly opt in.

VirusTotal

64/64 vendors flagged this skill as clean.
