Security audit

Ai Fact Checker

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent fact-checker, but it under-discloses web-search data sharing and uses an unsafe shell command that crafted input could abuse.

Review this before installing. Do not use it on secrets, private documents, personal data, or proprietary text unless you are comfortable with search queries leaving your machine. Avoid running it on untrusted pasted text until the shell invocation is replaced with a safer structured API or execFile-style call and the skill adds an explicit privacy notice and consent for web searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly advertises web search (联网搜索) and fact verification but does not warn users that submitted text may be transmitted to external search services. Because users may paste sensitive prompts, drafts, or proprietary documents for checking, this creates a real privacy and data-handling risk through unintended disclosure to third-party providers.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The example for fact-checking a local document encourages users to analyze a file path but gives no warning that the file's contents or derived claims may be sent off-box during web verification. In context, this is more dangerous because users may reasonably assume local-file analysis stays local, leading to accidental exposure of confidential material.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
User-supplied text is converted into search queries and sent to an external web search tool without any notice, consent, or minimization. If the input contains sensitive, proprietary, or regulated data, the skill can unintentionally exfiltrate that data to third-party services during verification.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/fact-check.js:32