Clawhub Publish

Security checks across malware telemetry and agentic risk

Overview

This Vercel deployment skill mostly sticks to its stated purpose, but it also gives agents broad authority over production deployments and security settings, which users should review before installing.

Install only if you are comfortable with an agent operating your Vercel account. Before use, require explicit confirmation for production deploys, aliases, project creation, and any change to SSO, password protection, or trusted IP settings; avoid pasting broad Vercel tokens into chat and prefer scoped tokens or normal Vercel CLI authentication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill includes a workflow to remove SSO, password protection, and trusted IP restrictions from a Vercel project, which materially weakens access controls and is unrelated to ordinary deploy/edit tasks. In this context, these instructions could expose internal or protected sites to the public without adequate user review or warning.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill reads a Vercel auth token directly from a local credential file and reuses it for API calls, which is unnecessary for the stated purpose and expands credential exposure. Accessing stored secrets without explicit user consent is sensitive behavior, and combining it with outbound API requests increases the risk of misuse or accidental leakage.

Vague Triggers

High
Confidence
91% confidence
Finding
The auto-activation triggers are overly broad, matching generic mentions like 'landing page' or 'update site' that may occur in unrelated tasks. This raises the chance that the skill activates outside its intended scope and performs Vercel-specific auth, deployment, or configuration actions when they are not appropriate.

Missing User Warnings

High
Confidence
98% confidence
Finding
Removing SSO, password protection, and trusted IP restrictions without a prominent warning can cause users to unknowingly expose protected applications or staging environments. In a deploy skill, this is especially risky because it presents a destructive security change as routine operational guidance.

Missing User Warnings

High
Confidence
98% confidence
Finding
Removing SSO, password protection, and trusted IP restrictions without a prominent warning can cause users to unknowingly expose protected applications or staging environments. In a deploy skill, this is especially risky because it presents a destructive security change as routine operational guidance.

Ssd 3

High
Confidence
96% confidence
Finding
The skill instructs the user to paste a Vercel access token directly into chat, which is an insecure secret-handling pattern. Tokens shared in conversation histories may be retained, exposed to logs, or accessed by other tooling, creating unnecessary credential risk.

Ssd 3

High
Confidence
98% confidence
Finding
The workflow extracts a stored authentication token from Vercel's local auth file for reuse in direct API requests, which bypasses safer abstractions and increases the blast radius of the credential. This is particularly risky because the token is then used to alter project security settings.

VirusTotal

66/66 vendors flagged this skill as clean.
