One API key. 70+ models. Route requests to GPT, Claude, Gemini, Qwen, Deepseek, Grok and more.

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward LLM gateway client that sends user-requested prompts and image references to AIsa using an API key.

Install only if you are comfortable sending selected prompts, conversation history, function schemas, and image URLs or image data to the AIsa gateway and possibly downstream model providers. Use a dedicated API key, monitor costs, and avoid submitting secrets, regulated data, internal URLs, or private images unless AIsa's privacy and retention terms meet your needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (89% confidence)
Finding
The README explicitly demonstrates sending user prompts and an image URL to a third-party API endpoint, but it does not warn users that their inputs and referenced resources are transmitted off-platform. In an agent skill context, this can lead to accidental disclosure of sensitive prompts, internal data, or private image locations because users may assume examples are local-only or provider-native.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation encourages sending prompts and images to api.aisa.one but does not prominently warn that user content is transmitted to a third-party provider. This is dangerous because users may unknowingly submit sensitive text, files, or image content, creating privacy, compliance, and confidentiality risks. The multimodal examples increase exposure because images often contain hidden sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.
