ClawHub

SignalPipe

Security checks across malware telemetry and agentic risk

Overview

SignalPipe appears to be a coherent sales automation plugin, but users should understand that it sends prospect data to a backend and can optionally post or DM on Reddit after approval.

Install only if you are comfortable sending sales and prospect data to the configured SignalPipe backend. Use sender mode carefully: start with dry_run, keep daily caps low, review drafts before approval, and consider a dedicated Reddit sending account because automated comments or DMs can affect account reputation or violate platform rules. Protect and rotate SIGNALPIPE_OPERATOR_KEY and any REDDIT_* credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes an optional background sender that posts Reddit comments and DMs using the user's own credentials, but it does not prominently warn about account bans, rate limits, platform policy violations, mistaken outreach, or privacy exposure from automating actions on a third-party account. In a sales-automation skill, that omission is materially risky because users may enable the feature without understanding that the tool can act as them on live accounts and could damage reputation or trigger enforcement.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The declaration documents a background sender that can post Reddit comments and DMs using the operator's own credentials, but it does not indicate any mandatory per-action confirmation, explicit consent UX, or strong warning at the tool boundary. In an agentic setting, this increases the risk of unintended autonomous posting, account misuse, spam, or reputational damage if the host agent starts the sender or processes missions without the operator fully understanding that their account will be used.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code sends Reddit DMs directly with the operator's stored credentials once a mission is approved, without any final per-message confirmation, preview gate, or user-facing warning at the point of transmission. In a sales/outreach automation skill, that is risky because mis-targeted, prompt-injected, or incorrectly drafted messages can be sent to real users immediately, causing spam, account penalties, or unintended disclosure under the operator's identity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This tool transmits prospect identifiers, channels, product interest, mission linkage, and behavioral signals to a remote backend, but the tool definition provides no explicit user-facing disclosure or consent mechanism about that external data transfer. In a sales-prospecting skill, this can expose personal data and inferred behavioral profiling to a backend service without the operator clearly understanding the privacy implications.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The message-generation tool sends a prospect identifier to a backend service that generates outreach content using prospect state and history, yet the code only says to present the message for review and does not warn that prospect context is processed remotely. Because this skill handles sales pipeline and objection history, the backend may infer or access sensitive relationship data without transparent notice to the user.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This tool explicitly retrieves the full system prompt, recent conversation history, persona voice, objection history, and schema from the backend, but only warns not to dump it back to the user; it does not warn that this sensitive context is being fetched and handled remotely. In this skill's context, that payload can contain prospect communications and internal sales playbook material, increasing both privacy and prompt/data leakage risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The signal-scoring tool invites operators to paste arbitrary text from Gmail, Slack, Discord, Telegram, LinkedIn, WhatsApp, transcripts, and web pages into a backend API, but it gives no explicit privacy warning or safeguards around uploading potentially confidential third-party communications. Because the skill is designed to mine buying intent across external channels, the likelihood of sending sensitive or regulated data to the backend is materially elevated.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest requires sensitive environment variables (SIGNALPIPE_API_URL and SIGNALPIPE_OPERATOR_KEY), but this file provides no user-facing warning about their sensitivity, scope, or handling. In the context of a sales automation skill that can send Reddit replies/DMs and relies on a managed backend, this increases the risk that operators provide high-privilege secrets without understanding exposure, misuse, or data-flow implications.

VirusTotal

58/58 vendors flagged this plugin as clean.

View on VirusTotal