Brand Monitoring

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-destructive, but it presents demo and hardcoded brand-monitoring results as if they were live monitoring data.

Review before installing or relying on it. Treat the current version as a demo/report generator unless the publisher clearly implements and documents live collection. Do not use its alerts, sentiment, trend, or competitor reports for business decisions without independently verifying the data sources and whether production scraping/API calls are enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The skill description materially overstates and misrepresents behavior, including claiming live monitoring and specific platform coverage while static analysis indicates demo/manual data paths and undeclared Twitter/X support. This is dangerous because users and reviewers may grant trust, run the skill in inappropriate contexts, or make business decisions based on fabricated or incomplete monitoring results, and hidden platform support can expand the network/data exposure beyond what was disclosed.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill advertises live monitoring of external sources, but the implementation returns only hardcoded demo data and does not perform real collection. In a security-sensitive agent ecosystem, this is dangerous because users or downstream agents may make operational or reputational decisions based on fabricated results while believing they are current external intelligence.

Description-Behavior Mismatch

Low
Confidence: 94%
Finding
The code defines and documents a broader monitoring surface than is actually implemented, creating a misleading representation of capability. While this is not direct code execution or data theft, it can cause users to overtrust coverage and miss important brand or incident signals on platforms they believe are being monitored.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The module documentation claims Google-based sourcing, but the operational flow never invokes the Google News search path and instead uses demo mentions. This discrepancy can mislead users into trusting stale or fictional monitoring output, which is especially risky for crisis detection and brand reputation workflows where timeliness and source authenticity matter.

VirusTotal

64/64 vendors flagged this skill as clean.