Composio Integration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Composio integration, but it exposes live-looking credentials and personal account identifiers while enabling sensitive Gmail and task actions.

Review carefully before installing. Do not use the embedded key or account IDs; treat them as compromised. Prefer a revised version that removes personal identifiers, requires your own scoped credentials, limits allowed tools/accounts, and asks for explicit confirmation before sending email, deleting email, or bulk-changing tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence: 99%
Finding
The skill directly exposes a live API key, credential storage paths, and shell initialization details in a Markdown file. This enables immediate unauthorized access to Composio-connected services and also reveals where additional secrets may be stored, greatly increasing the blast radius beyond simple documentation leakage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document advertises active Gmail and Google Tasks accounts, an associated email address, and high-risk capabilities such as reading, sending, and deleting emails and modifying tasks, but provides no approval, least-privilege, or safety guidance. In context, this is dangerous because the same file also exposes authentication material, making the documented destructive and privacy-invasive operations readily exploitable.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script issues a Gmail search action through a third-party backend using a fixed connected account ID and then prints the returned email data, but provides no disclosure or consent prompt that mailbox-derived data may be queried and transmitted. In an agent-skill context, this is more dangerous because it can access a linked Gmail account implicitly and expose message metadata or contents through logs or downstream systems without clear user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
