ClawHub

Code Url Cleaner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed formatting helper, but it automatically rewrites every agent response, including commands and paths, without clear user control.

Install only if you want an always-on output-rewriting hook. Review any generated command, URL, file path, code block, or formatting-sensitive text before copying or running it, and prefer a version with explicit enable/disable controls or visible change previews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly states that all agent output is automatically cleaned after installation, but it does not warn users that this hook transparently intercepts and rewrites displayed content. That is risky because even small modifications to commands, file paths, or URLs can change meaning, hide corruption, or make users trust output that no longer matches the model's original response.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This section shows automatic rewriting of shell commands and filesystem paths without any caution about safety or correctness implications. In this context, the skill is more dangerous because it operates on agent output globally and invisibly, so users may copy modified commands or paths that differ from what the agent originally produced, potentially causing execution errors, unintended behavior, or masking malicious/incorrect output.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises automatic hook registration that affects all agent output on load, but the documentation does not provide a clear opt-in, disable mechanism, or strong warning about the scope of modification. A load-time hook that rewrites every response can silently alter commands, code, or security-relevant text, creating integrity and trust risks for downstream users.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module auto-registers a `before_output` hook at import time, causing all later agent output to be silently modified without an explicit opt-in at the moment of activation. In a skill ecosystem, import-time side effects are risky because merely loading the module changes agent behavior globally, which can conceal content tampering, alter commands/URLs, and make downstream safety review or incident debugging harder.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal