ChilledSites

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it gives an agent broad, poorly scoped authority to create service credentials and publish live websites.

Install only if you are comfortable with an agent holding ChilledSites credentials and publishing websites on your behalf. Require explicit approval before signup, before any generation that spends tokens, and before deployment, edits, or deletion, and keep the API key and secret out of prompts, logs, generated site files, and public pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill documents an unauthenticated signup flow that returns live API credentials directly to the agent with 'no human involvement required.' This expands the skill from website management into autonomous account creation and secret acquisition, enabling unapproved external account provisioning, billing/resource abuse, and bypass of normal user consent expectations.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill exposes AI video generation even though its declared purpose is website generation, editing, and deployment. This scope expansion gives the agent additional paid content-generation capability that is unrelated to the advertised function, increasing the chance of unintended spend or misuse.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Advertising a /v1/generate/video endpoint in the REST reference broadens the operational scope beyond the stated website-building use case. Excess capabilities are dangerous in agent skills because they invite tool use outside user expectations and may consume tokens or generate unreviewed media.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to deploy content directly to a public chilledsites.com subdomain without warning that the result is immediately internet-accessible. In context, this makes accidental publication of sensitive, unreviewed, or policy-violating content more likely because deployment is framed as a routine step rather than a consented publishing action.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs agents to obtain, store, and use API keys and secrets but gives no handling guidance for them. In an agent environment this raises the risk of secrets being written to logs, echoed back to users, inserted into generated site content, or reused in unsafe contexts.
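The mitigation the overview asks for (explicit approval before signup, token-spending generation, deployment, edits and deletion; credentials kept out of prompts, logs and published files) can be enforced in a thin wrapper around the skill's tool calls rather than left to the agent's judgment. The block below is an added example written for this page; it is not ChilledSites' or SkillSpector's code and it does not call the real API. The action names, the `api_key`/`api_secret` field names in the signup response, and the stand-in deploy function are assumptions. It addresses findings 1, 4 and 5: a signup response is stored in a vault and only a redacted copy reaches the agent, side-effecting actions need a single-use human approval, payloads headed for a public page are refused if they contain a credential value, and audit lines are redacted before they are written.

```python
from dataclasses import dataclass, field
from typing import Callable

# Actions the overview says must not run without explicit user approval.
# These names are assumptions about how a wrapper would label the skill's tools.
GATED_ACTIONS = frozenset({"signup", "generate", "deploy", "edit", "delete"})
# Actions whose payload ends up on a public site and so is scanned for credentials first.
PUBLISHING_ACTIONS = frozenset({"deploy", "edit"})


class ApprovalRequired(Exception):
    """Raised when a gated action is attempted without a prior human approval."""


@dataclass
class SecretVault:
    """Credentials live here and are referenced by name; the values never enter a prompt."""
    secrets: dict[str, str] = field(default_factory=dict)

    def ingest_signup_response(self, response: dict) -> dict:
        """Store credentials from a signup call and hand the agent only a redacted copy.
        The field names api_key/api_secret are assumptions, not the real schema."""
        out = {}
        for key, value in response.items():
            if key in ("api_key", "api_secret") and isinstance(value, str):
                self.secrets[key] = value
                out[key] = f"<stored:{key}>"
            else:
                out[key] = value
        return out

    def leaks(self, text: str) -> list[str]:
        """Names of stored secrets whose value appears verbatim in text."""
        return [name for name, value in self.secrets.items() if value and value in text]

    def redact(self, text: str) -> str:
        """Replace any stored secret value with a placeholder before text is logged."""
        for name, value in self.secrets.items():
            if value:
                text = text.replace(value, f"<redacted:{name}>")
        return text


@dataclass
class ToolGate:
    vault: SecretVault
    approvals: set[tuple[str, str]] = field(default_factory=set)
    audit: list[str] = field(default_factory=list)

    def approve(self, action: str, target: str) -> None:
        """Record a single-use human approval for one action on one target."""
        self.approvals.add((action, target))

    def call(self, action: str, target: str, payload: str,
             fn: Callable[[str, str], str]) -> str:
        key = (action, target)
        # 1. Gated actions need a prior approval, which is consumed on use.
        if action in GATED_ACTIONS and key not in self.approvals:
            self.audit.append(f"BLOCKED {action} {target}: no approval")
            raise ApprovalRequired(f"{action} on {target} needs explicit user approval")
        self.approvals.discard(key)
        # 2. Never publish content that carries a credential value (names only in the log).
        if action in PUBLISHING_ACTIONS:
            leaked = self.vault.leaks(payload)
            if leaked:
                self.audit.append(f"BLOCKED {action} {target}: payload contains {leaked}")
                raise ValueError(f"refusing to publish content containing {leaked}")
        # 3. The audit line is redacted so a raw key never reaches a log.
        self.audit.append(self.vault.redact(f"{action} {target}: {payload[:80]}"))
        return fn(target, payload)


def demo() -> dict:
    """Run the gate over constructed calls and return the outcomes."""
    vault = SecretVault()
    # Constructed signup response; the real service's response shape may differ.
    summary = vault.ingest_signup_response(
        {"api_key": "ck_live_EXAMPLE123", "api_secret": "cs_EXAMPLE456", "project": "demo"})
    gate = ToolGate(vault)
    # Stand-in for the real deploy tool; it only fabricates a URL.
    fake_deploy = lambda target, payload: f"https://{target}.example.invalid/"
    results = {"summary": summary}
    try:
        gate.call("deploy", "mysite", "<html>hello</html>", fake_deploy)
        results["unapproved"] = "ran"
    except ApprovalRequired:
        results["unapproved"] = "blocked"
    gate.approve("deploy", "mysite")
    try:  # generated page that embeds the secret, as finding 5 warns about
        gate.call("deploy", "mysite",
                  "<script>fetch('/api?key=cs_EXAMPLE456')</script>", fake_deploy)
        results["leaky"] = "ran"
    except ValueError:
        results["leaky"] = "blocked"
    gate.approve("deploy", "mysite")
    results["clean"] = gate.call("deploy", "mysite", "<html>hello</html>", fake_deploy)
    results["audit_clean"] = not any(vault.leaks(line) for line in gate.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

Approvals are keyed per action and target and consumed on use, so a user who approves one deployment has not granted a standing right to redeploy, and a blocked attempt has to be re-approved. The scan in step 2 only catches verbatim copies of the stored values; base64 or otherwise encoded forms would need additional patterns.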

VirusTotal

64/64 vendors flagged this skill as clean.
