Crewai Workflows

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but its documentation embeds a real-looking API key, the wrapper script sends user prompts and business or customer content to a remote service (crew.iclautomation.me and the third-party models behind it), and it also writes full responses to local storage under /tmp.

Review before installing or using it with real business data. Specifically: rotate or replace the exposed API key if it is real; verify that you trust crew.iclautomation.me and the model providers it forwards requests to; do not send secrets, personal data, or regulated content through it unless that transfer is authorized; and remove or disable the automatic /tmp response saving if outputs may be sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises shell-based execution patterns (`scripts/call_crew.sh`, `curl`) but does not declare permissions or clearly scope that capability. This creates a mismatch between apparent behavior and declared security posture, which can cause agents or reviewers to underestimate that the skill performs command execution and outbound network activity.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The documentation includes a concrete API key value and normalizes passing secrets directly on the command line. Embedding or encouraging direct handling of credentials risks secret leakage through source control, logs, shell history, screenshots, or downstream agent traces.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script writes the full remote service response to a predictable temp-path pattern under /tmp without data minimization or opt-in. Workflow responses may contain sensitive user prompts, generated content, trace metadata, or business data, and persisting them locally increases exposure to local disclosure, unintended retention, and mishandling on multi-user systems.

Vague Triggers

High
Confidence
91% confidence
Finding
The trigger language is extremely broad, covering almost any content generation or analysis task, which increases the chance the skill is invoked for unrelated or sensitive requests. Because the skill sends inputs to an external service and third-party models, over-broad activation expands unnecessary data exposure and weakens least-privilege behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation tells users to set and even pass API keys directly without any warning about sensitivity or leakage risks. This encourages insecure operational practices that can expose credentials to terminals, process listings, logs, shell history, and agent telemetry.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that workflows run on a dedicated server and use external models, but it does not clearly warn that user prompts and business data are transmitted off-platform to `crew.iclautomation.me` and providers like DeepSeek, Perplexity, and Gemini. Users may unintentionally send confidential, customer, or regulated data to third parties without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script silently persists the full API response to local storage without warning the user, which creates a transparency and privacy problem. Users may reasonably expect a wrapper script to print results only; undisclosed local retention can expose sensitive workflow inputs/outputs to other local processes, backup systems, or later forensic recovery.
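The credential-handling and local-retention findings above (an API key passed on the command line, full responses written to a predictable /tmp path) share one fix pattern. The wrapper below is an added example, not the skill's own `scripts/call_crew.sh`: it reads the key from a private file or the environment and never from argv, hands it to curl through a config file on stdin so it does not appear in process listings, and writes the response to disk only when explicitly requested, into a 0600 mktemp file. The endpoint path and the `X-API-Key` header are taken from the curl call quoted in the report; `CREWAI_API_KEY_FILE`, `CREW_SAVE_RESPONSE` and `CREW_ENDPOINT` are names assumed here.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own scripts/call_crew.sh.
# Assumed names: CREWAI_API_KEY_FILE, CREW_SAVE_RESPONSE, CREW_ENDPOINT.
# The endpoint path and X-API-Key header follow the skill's documented curl call.
set -eu

CREW_ENDPOINT="${CREW_ENDPOINT:-https://crew.iclautomation.me/crews}"

# Read the API key from a private file (preferred) or the environment.
# It is never accepted as a command-line argument: argv shows up in `ps`,
# shell history, CI logs and agent traces.
load_api_key() {
  local f="${CREWAI_API_KEY_FILE:-}"
  if [ -n "$f" ]; then
    [ -r "$f" ] || { echo "key file not readable: $f" >&2; return 1; }
    # Reject group- or world-readable key files (POSIX find -perm).
    if [ -n "$(find "$f" -perm -040 -o -perm -004)" ]; then
      echo "refusing key file that is group- or world-readable: $f" >&2
      return 1
    fi
    tr -d '\n' < "$f"
  elif [ -n "${CREWAI_API_KEY:-}" ]; then
    printf '%s' "$CREWAI_API_KEY"
  else
    echo "set CREWAI_API_KEY_FILE (preferred) or CREWAI_API_KEY" >&2
    return 1
  fi
}

# Emit a curl config so the key is passed via `curl -K -` on stdin,
# keeping it out of the process argument list.
build_curl_config() {
  local crew="$1" payload="$2" key="$3"
  # Restrict the crew name so it cannot rewrite the request path.
  case "$crew" in
    ""|*[!A-Za-z0-9_-]*) echo "invalid crew name: $crew" >&2; return 1 ;;
  esac
  # Escape backslashes and double quotes for curl's quoted config values.
  local esc
  esc="$(printf '%s' "$payload" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
  printf 'url = "%s/%s/run"\n' "$CREW_ENDPOINT" "$crew"
  printf 'request = "POST"\n'
  printf 'header = "Content-Type: application/json"\n'
  printf 'header = "X-API-Key: %s"\n' "$key"
  printf 'data = "%s"\n' "$esc"
  printf 'silent\nshow-error\nfail\n'
}

# Opt-in local retention: a 0600 mktemp file, not a predictable /tmp path.
# Prints the path written.
save_response() {
  local crew="$1" body="$2" f
  f="$(umask 077; mktemp "${TMPDIR:-/tmp}/crew_${crew}_XXXXXX")"
  printf '%s\n' "$body" > "$f"
  echo "response saved to $f (mode 0600)" >&2
  printf '%s' "$f"
}

# Run a crew: the response is printed; nothing is written to disk unless
# CREW_SAVE_RESPONSE=1.
call_crew() {
  local crew="$1" payload="$2" key out
  key="$(load_api_key)"
  out="$(build_curl_config "$crew" "$payload" "$key" | curl -K -)"
  printf '%s\n' "$out"
  if [ "${CREW_SAVE_RESPONSE:-0}" = "1" ]; then
    save_response "$crew" "$out" >/dev/null
  fi
}
```

Invoke as `call_crew marketing '{"topic": "mindfulness apps"}'` with `CREWAI_API_KEY_FILE` pointing at a key file; set `CREW_SAVE_RESPONSE=1` only when local retention is wanted. Because the key reaches curl through `-K -`, a process listing shows just `curl -K -`, and the crew-name check stops a caller from steering the request to a different path on the server.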

External Transmission

Medium
Category
Data Exfiltration
Content (excerpt from the skill's documentation; truncated at both ends in the report)

```bash
scripts/call_crew.sh marketing '{"topic": "mindfulness apps"}' "YOUR_API_KEY"
```

Option 2: Direct cURL

```bash
curl -X POST "https://crew.iclautomation.me/crews/<crew_name>/run" \
```

Confidence
88% confidence
Finding
The documented cURL invocation sends the request body off-host to `crew.iclautomation.me`, with the API key carried in the `X-API-Key` header (the excerpt is truncated in the report):

```bash
curl -X POST "https://crew.iclautomation.me/crews/<crew_name>/run" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $CREWAI_API_KEY" \
  -d
```

VirusTotal

66/66 vendors reported this skill as clean. A clean antivirus verdict covers known-malware signatures only; it does not address the credential exposure, off-platform data transmission, or local retention findings above.

View on VirusTotal