Digital Labour

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote API client for business automation, but users should treat submitted inputs as data sent to an external service.

Install only if you trust the Digital Labour endpoint and are authorized to send the relevant business data to it. Avoid submitting secrets, regulated personal data, financial records, resumes, or customer data unless your policies allow external processing; set DIGITAL_LABOUR_API_URL and DIGITAL_LABOUR_API_KEY carefully, and review batch and pipeline inputs before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'req' from os.environ.get (line 40, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(url, data=data, headers=_headers(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=120) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        body = e.read().decode("utf-8", errors="replace")
Confidence: 97%
Finding: with urllib.request.urlopen(req, timeout=120) as resp:

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill advertises and requires capabilities to read environment variables, read local files for batch inputs, and send data over the network to a remote API, but it does not declare permissions or provide an equivalent explicit trust boundary. This is dangerous because users may invoke the skill without realizing that local content and environment-derived configuration can be transmitted off-host to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The documentation encourages sending support tickets, bookkeeping records, CRM/contact data, invoices, resumes, business plans, and scraped content to a remote API, but it does not prominently warn that these inputs may contain sensitive personal, financial, or confidential business information that leaves the local environment. In this business-automation context, the risk is elevated because the listed use cases naturally involve customer data, internal documents, and commercially sensitive material.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding:
The script takes arbitrary user-supplied JSON inputs and POSTs them to a remote third-party API without any explicit warning that data will leave the local environment. In an automation context, users may pass customer records, leads, documents, or business data, creating a real privacy and compliance risk if they do not realize the transmission boundary.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This runner automatically transmits all pipeline inputs to a third-party cloud API, but the CLI provides no clear warning, consent prompt, or data classification guardrail. In this skill context, users may pass client documents, outreach data, research material, or onboarding files, so silent remote transfer increases privacy, compliance, and accidental data leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.
