ClawHub
Back to skill

Security audit

Cosmetics Advisor: Pengleni

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent Pengleni beauty-assistant API client that uses SMS login, a service token, and a local session file for its stated purpose.

Install this only if you intend to use Pengleni via phone/SMS login. Keep the service token, SMS code, and .session.json private, verify the configured API URLs, and delete the session file when you no longer need the session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal