Back to skill

Security audit

Clawhub Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LLM router guide, but its documented defaults can expose a provider-backed chat proxy and dashboard unless the user locks it down.

Review before installing. Only run the referenced npm project from a repository you trust, set ROUTER_API_KEY, bind HOST to localhost unless remote access is intentional, protect .env and upstreams.json, and avoid routing sensitive prompts to cloud providers unless their policies are acceptable for your data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation clearly describes upstream provider routing and API-key-based cloud integrations, but it never explicitly warns that user prompts, conversation content, and related metadata will be sent to third-party model providers. In a router/proxy skill, this omission can cause users to unknowingly transmit sensitive data off-host, creating privacy, compliance, and confidentiality risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The wizard is documented as writing credentials to `.env`, but there is no warning that this stores secrets in plaintext on disk and may expose them through weak file permissions, accidental commits, backups, or shared environments. For tooling that handles multiple provider API keys, failing to warn users about secret storage materially increases credential leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.