Purefeed

Security checks across malware telemetry and agentic risk

Overview

Purefeed is a coherent API skill, but it gives an agent authority to modify and irreversibly delete account objects without built-in confirmation safeguards.

Install only if you are comfortable giving the skill a Purefeed API key that can read and modify your Purefeed signals, folders, and curated tweet data. Before any delete request, require the agent to show the exact target and get explicit confirmation, especially for irreversible signal deletion. Treat API error hints as suggestions to validate against your intent, not instructions to follow automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill documentation exposes unrelated web-app capabilities, including Telegram publishing workflows and per-channel AI provider keys, that are outside the stated REST skill scope. This expands the model’s awareness toward higher-risk functionality and can encourage off-scope assistance or social engineering around credentials/admin features, especially because the content is presented as usable guidance.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description uses broad phrases like browsing a Twitter feed or finding tweets about a topic, which overlap with many common user requests. That increases the chance the skill is invoked in situations the user did not intend, unnecessarily exposing account-scoped data and enabling actions such as searches, bookmarking, or signal management in response to ambiguous prompts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises destructive delete endpoints for folders and signals, including an irreversible signal deletion, without requiring confirmation or warning guidance. In an agent setting, that creates a real risk of accidental destructive actions from ambiguous or misinterpreted user requests, leading to data loss or disruption of monitoring setups.

Natural-Language Policy Violations

High
Confidence: 88%
Finding
The skill includes user-facing workflow text that hardcodes a Russian-language UI label without opt-in or localization handling. While not a direct code-execution issue, it can mislead users, degrade reliability, and create unsafe agent behavior if the model assumes a specific locale or directs users through the wrong interface path.

VirusTotal

VirusTotal findings are pending for this skill version.
