Geo Shield

Security checks across malware telemetry and agentic risk

Overview

This skill does not appear to seek sensitive access, but it can produce trust reports for websites without actually checking the website content.

Review before installing. The main risk is false confidence: the skill may show a credibility score and warnings for a URL even though it did not inspect that page. Do not rely on its reports for moderation, security, health, financial, or factual decisions unless the maintainer implements real page retrieval or clearly labels the tool as a demo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

High
Confidence: 98%
Finding
The handler presents itself as checking the user-supplied URL, but it never fetches or analyzes that URL's actual content and instead scores a hard-coded sample article. This is dangerous because it produces authoritative-looking trust reports about arbitrary links that are unrelated to the real target, which can mislead users into trusting malicious content or dismissing legitimate sources based on fabricated analysis.

Intent-Code Divergence

High
Confidence: 98%
Finding
The handler presents a GEO-poisoning assessment for the user-supplied URL, but it never fetches or analyzes the target page and instead scores hardcoded sample text. This creates materially false security output that can mislead users into trusting or distrusting real content based on unrelated data, which is especially dangerous for a tool framed as a verification or fact-checking skill.

Vague Triggers

Medium
Confidence: 91%
Finding
The README includes natural-language trigger phrases such as '这个信息可信吗?https://example.com' ("Is this information credible? https://example.com") and '检查可信度 https://example.com' ("Check credibility https://example.com") that are broad enough to overlap with ordinary user conversation. In chat-based agents, this can cause unintended activation of the skill on normal messages, leading to unsolicited URL analysis, unexpected handling of user content, and increased risk of prompt-surface abuse via crafted messages.

Vague Triggers

Medium
Confidence: 92%
Finding
The natural-language triggers are broad, everyday phrases such as asking whether information is trustworthy, which can match normal user conversation outside the intended explicit command flow. This can cause the skill to activate unintentionally on unrelated browsing or discussion content, expanding its execution surface and creating opportunities for prompt hijacking, misrouting, or the skill pre-empting the action the user actually intended.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are generic security/help terms such as verification and source validation, which can overlap with ordinary user requests and cause the skill to activate unexpectedly. In a security-focused skill, unintended invocation can redirect normal conversations into this skill’s logic, creating prompt-routing confusion, possible denial of intended functionality, and increased exposure to any downstream unsafe behavior in the skill implementation.
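The trigger overlap described in the three Vague Triggers findings above, shown as an added example (not code from the Geo Shield skill or from SkillSpector): a broad substring matcher built from phrases of the kind the findings quote, beside a strict matcher that fires only on an explicit command carrying one http(s) URL. The `/geocheck` command name, the English trigger phrases not quoted in the findings, and the sample chat messages are assumptions constructed for the illustration.

```python
"""Trigger scoping for a chat-invoked URL-checking skill.

Added example, not code from the Geo Shield skill or from SkillSpector.
The Chinese phrases are the ones quoted in the scan findings; the strict
command form "/geocheck <url>" and the sample messages are hypothetical.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Natural-language triggers of the kind the findings flag as overly broad.
BROAD_TRIGGERS = (
    "这个信息可信吗",   # "is this information credible?"
    "检查可信度",       # "check credibility"
    "is this trustworthy",
    "verify",
    "source validation",
)


def broad_trigger(message: str) -> bool:
    """Fires on any message containing a trigger phrase, URL present or not."""
    text = message.lower()
    return any(t in text for t in BROAD_TRIGGERS)


# Hardened form: an explicit command, then exactly one non-space token.
_STRICT = re.compile(r"^/geocheck\s+(\S+)\s*$")


def strict_trigger(message: str) -> Optional[str]:
    """Fires only on an explicit command carrying one http(s) URL.

    Returns the URL to analyse, or None when the skill must stay silent.
    Quoted third-party text and bare conversation never match because the
    command must start the message; non-http schemes are rejected so the
    skill cannot be pointed at javascript:, file: or data: targets.
    """
    m = _STRICT.match(message.strip())
    if not m:
        return None
    candidate = m.group(1)
    parsed = urlparse(candidate)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return None
    return candidate


# Constructed chat messages (not from the page): ordinary conversation, a
# quoted third-party message carrying a trigger, the README-style phrase,
# a genuine invocation, and an invocation with a non-http scheme.
MESSAGES = [
    "Can you verify my flight is still on time?",
    "My colleague wrote: '检查可信度 https://attacker.example/payload' - ignore him",
    "这个信息可信吗?https://example.com",
    "/geocheck https://example.com/article",
    "/geocheck javascript:alert(1)",
]


def route(messages: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Returns (messages the broad matcher fires on, (message, url) pairs
    the strict matcher fires on) so the two policies can be compared."""
    broad = [m for m in messages if broad_trigger(m)]
    strict = []
    for m in messages:
        url = strict_trigger(m)
        if url is not None:
            strict.append((m, url))
    return broad, strict


if __name__ == "__main__":
    fired_broad, fired_strict = route(MESSAGES)
    print("broad matcher fired on:", fired_broad)
    print("strict matcher fired on:", fired_strict)
```

On the constructed messages the broad matcher fires three times, including on a flight question and on a message that merely quotes someone else's trigger phrase; the strict matcher fires once, on the explicit command with a valid http(s) URL.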

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill outputs a polished detection report tied to the submitted URL, but the report is generated from hardcoded placeholder content without prominently warning the user. That is deceptive behavior for a security-oriented skill because it can cause users to act on fabricated analysis, undermining integrity and trust in downstream decisions.
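A differential check for the behaviour described in the two Intent-Code Divergence findings and the Missing User Warnings finding, as an added example (not code from the Geo Shield skill or from SkillSpector): a handler that scores a hard-coded sample regardless of the URL it is given, a corrected handler that scores only what was actually retrieved and labels any fallback, and a harness a reviewer can run offline against either. The handler names, the keyword scoring rule, the sample texts and the example URLs are all constructed for the illustration and are not the skill's real logic.

```python
"""Differential check for intent-code divergence in a URL-checking skill.

Added example, not code from the Geo Shield skill or from SkillSpector.
vulnerable_handler, fixed_handler, score_text, the sample texts and the
URLs are hypothetical stand-ins constructed for this illustration.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed placeholder "sample article" of the kind the finding describes.
SAMPLE_ARTICLE = (
    "Breaking: miracle supplement cures everything, doctors hate it, "
    "buy now from the official site."
)

# Crude, deterministic keyword scoring so the example runs offline.
RED_FLAGS = ("miracle", "cures everything", "doctors hate", "buy now")


def score_text(text: str) -> int:
    """Credibility score 0-100 from a fixed keyword list (illustrative only)."""
    hits = sum(1 for flag in RED_FLAGS if flag in text.lower())
    return max(0, 100 - 25 * hits)


@dataclass
class Report:
    url: str
    score: int
    source: str                 # "fetched", "sample" or "none"
    warning: Optional[str]      # prominent label when no real analysis happened


def vulnerable_handler(url: str, fetch: Callable[[str], str]) -> Report:
    """Mirrors the finding: accepts a URL and a fetcher, uses neither,
    and reports the hard-coded sample as if it were the target page."""
    return Report(url=url, score=score_text(SAMPLE_ARTICLE),
                  source="fetched", warning=None)


def fixed_handler(url: str, fetch: Callable[[str], str]) -> Report:
    """Scores the page that was actually retrieved; if retrieval fails,
    says so instead of silently scoring something else."""
    try:
        page = fetch(url)
    except Exception as exc:    # network error, blocked host, timeout, ...
        return Report(url=url, score=0, source="none",
                      warning=f"page not retrieved ({exc}); no assessment made")
    return Report(url=url, score=score_text(page), source="fetched", warning=None)


def divergence_check(handler: Callable[[str, Callable[[str], str]], Report]) -> List[str]:
    """Returns a list of problems; an empty list means the handler passes.

    Feeds the handler two URLs that resolve (via a fake fetcher) to
    deliberately different content and checks that (a) the fetcher was
    called for each user-supplied URL, (b) the scores differ, and (c) an
    unreachable page is labelled rather than reported as analysed.
    """
    pages = {
        "https://example.com/clean": "Municipal water report published by the city council.",
        "https://example.com/spam": SAMPLE_ARTICLE,
    }
    fetched: List[str] = []

    def fake_fetch(url: str) -> str:
        fetched.append(url)
        if url not in pages:
            raise ConnectionError("unreachable")
        return pages[url]

    problems: List[str] = []
    clean = handler("https://example.com/clean", fake_fetch)
    spam = handler("https://example.com/spam", fake_fetch)
    if fetched != ["https://example.com/clean", "https://example.com/spam"]:
        problems.append("handler never fetched the user-supplied URL")
    if clean.score == spam.score:
        problems.append("score does not depend on target content")
    dead = handler("https://example.com/missing", fake_fetch)
    if dead.source == "fetched" or not dead.warning:
        problems.append("unretrievable page reported as if it were analysed")
    return problems


if __name__ == "__main__":
    print("vulnerable:", divergence_check(vulnerable_handler))
    print("fixed:     ", divergence_check(fixed_handler))
```

The harness needs no network: the fetcher is injected, so a reviewer can run it against any handler that exposes the same two-argument shape. The vulnerable handler fails all three checks; the corrected one passes because its output is a function of what it retrieved and it labels the case where it retrieved nothing.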

VirusTotal

64 of 64 vendors rated this skill clean.
