ClawHub

ClawLink

Security checks across malware telemetry and agentic risk

Overview

ClawLink is a disclosed third-party integration plugin, but it gives a broad agent path to read from or write to many connected SaaS apps through ClawLink, so users should review its scope carefully before installing.

Install only if you are comfortable using ClawLink as a third-party broker for your connected SaaS accounts. Connect only the apps you intend the agent to use, review ClawLink's dashboard and credential controls, use previews and explicit confirmations before writes or destructive actions, and remove the local ClawLink credential with the plugin logout command if you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description says to use ClawLink for essentially any request involving Gmail, Slack, Notion, calendars, CRMs, inboxes, or 'other external apps,' creating a very broad trigger surface. That can cause the skill to activate for many unrelated or higher-risk external actions, steering the agent toward a third-party integration layer by default and increasing the chance of unintended data access or external side effects.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to use ClawLink for 'any other third-party tool' is vague and effectively open-ended, which encourages routing a wide range of external-service requests through one integration broker without clear boundaries. In practice this can override safer, more specific skills or workflows and may expose user data or enable actions on services the user did not clearly intend to access via this plugin.

VirusTotal

63/63 vendors flagged this plugin as clean.

View on VirusTotal