html-report

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a report and diagram-generation helper with an optional web-search fallback, which is a privacy consideration but not evidence of malicious behavior.

Install only if you are comfortable with the skill generating HTML reports and, in some unsupported diagram cases, using web search. Avoid using it with confidential report text unless you explicitly prevent external lookup or confirm searches are limited to generic diagram terminology.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is described as a pure HTML report generator, but the instructions explicitly allow WebSearch for unsupported diagram types. That expands the capability surface beyond local formatting/rendering and can cause unannounced external queries using user-provided content, which is a meaningful security and privacy mismatch.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
Embedding a WebSearch fallback in a report-generation skill introduces a network-capable behavior that is not obviously necessary for rendering HTML pages. If triggered on user content, it can leak sensitive data externally or fetch untrusted material that influences the generated output.

Context-Inappropriate Capability

Low
Confidence: 89%
Finding
The instruction to act 'without confirmation' becomes riskier in the context of a workflow that may perform external WebSearch. Users may reasonably expect immediate report generation to stay local, so automatic network activity can occur without informed consent.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The file explicitly instructs the skill to perform live web searches when a requested diagram type is not in the local library. That expands the skill from deterministic HTML report generation into external data acquisition, which changes the trust boundary, can introduce prompt-injection/content poisoning risk from search results, and may violate least-privilege expectations for a presentation skill.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The documented fallback introduces a context-inappropriate capability: a report generator should transform provided input, not autonomously browse for new instructions or content patterns. In this context, external search materially increases attack surface because remote content could steer generation behavior or leak user context through queries.

Vague Triggers

High
Confidence: 95%
Finding
The trigger phrases are broad, common, and coupled with auto-execution, making accidental activation likely. In this skill's context, accidental activation is more dangerous because it can immediately transform arbitrary input into multi-page output and may invoke additional capabilities like WebSearch without a clear user boundary.

VirusTotal

65/65 vendors flagged this skill as clean.
