LobstrHunt

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its LobstrHunt integration, but it can make public votes and flags using the user's identity without clear per-action approval.

Install only if you are comfortable with an agent polling LobstrHunt, tracking skill usage, and using your LobstrHunt identity for public votes or flags. Prefer requiring explicit approval or at least notifications before any vote, flag, or review is submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill claims reviews are always shown to the human before posting, but it also grants direct review-posting capability with no enforceable guardrail or approval mechanism. In an agent setting, natural-language policy alone is weak, so the agent could post public content without confirmed user consent, causing reputational harm or disclosure of usage details.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The document says the human 'makes the calls,' yet it instructs autonomous upvoting and flagging on the user's behalf. These are public actions tied to the user's identity/API token, so allowing them without prior consent can misrepresent user intent and create unwanted moderation or reputation consequences.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are broad enough that the skill may activate in unrelated conversations about skills or trends, increasing the chance of unintended network access or autonomous platform actions. In this skill's context, accidental invocation is more concerning because it can lead to external requests and user-attributed voting behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill performs automatic voting using the user's bearer token and public GitHub handle, but the documentation does not present this as a prominent upfront warning or explicit consent requirement. Users may unknowingly authorize public endorsements, which can affect reputation and create trust or policy issues if the votes are inaccurate or manipulated.

VirusTotal

64/64 vendors flagged this skill as clean.
