Veritier Fact Checking

Security checks across malware telemetry and agentic risk

Overview

This is a coherent remote fact-checking integration, but users should assume submitted text, document URLs, and private references are sent to Veritier for processing.

Install this only if you trust Veritier to process the content you submit. Do not send secrets, regulated data, signed/internal URLs, or proprietary documents as private references unless your organization has approved that external processing. Keep API keys scoped and revocable, use test keys for integration testing, and pin/audit dependencies if you run the example code in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (15)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes verifying claims against live web evidence and checking web page URLs, but it does not clearly warn users that example scripts will transmit supplied text or URLs to a remote third-party API. This creates a real privacy and data-handling risk because users may submit sensitive prompts, documents, or internal URLs without understanding they are leaving the local environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to connect an MCP client directly to a remote cloud endpoint and send an Authorization bearer token, but it does not clearly disclose that prompts, documents, claims, and verification inputs will be transmitted to a third-party service. In an agent-skill context, this omission can cause users to unknowingly send sensitive or regulated data off-platform, increasing privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the full contents of a 'private reference' document to a third-party API for claim verification, but the example does not clearly warn users that proprietary or internal data will leave their environment. In an enterprise context, this can cause accidental disclosure of sensitive policies, research, or internal documents to an external service, especially because the skill is explicitly marketed for private/internal references.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends a user-supplied URL to Veritier's external API for remote fetching and analysis without an explicit privacy notice or consent step. URLs can contain sensitive internal hostnames, private document locations, bearer tokens, query secrets, or other identifying information, so transmitting them off-box can leak confidential data even though the destination is a single hardcoded vendor domain.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to connect an AI agent to a remote fact-checking service that receives user text, documents, and an API key, but it does not clearly warn about privacy, retention, or third-party data handling. In an agent context, users may pass sensitive prompts, internal documents, or regulated data through the tool without realizing they are being transmitted off-system.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The proxy forwards user-supplied grounding_references, which may contain private text or URLs, to the external Veritier API without an explicit, user-facing disclosure at the point of tool use. In an MCP/agent setting, users may reasonably assume private references are processed locally, so this can lead to unintended third-party disclosure of sensitive material.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The verify_text path sends arbitrary user-provided text to the remote Veritier API, but the tool descriptions emphasize functionality and quota rather than clearly disclosing third-party transmission. In a fact-checking skill, users may submit confidential drafts, notes, or internal content, creating a real privacy and data-handling risk if they are unaware the text leaves the local environment.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The verify_document path transmits user-supplied document URLs to the Veritier API without clearly warning users in the tool description that the URL will be shared with a third party. While URLs are often less sensitive than raw text, they can still reveal internal document locations, private endpoints, or sensitive research targets.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends the full private reference text (`company_policy`) and user-supplied claims to a third-party external API, but the docstring/comments do not clearly warn that proprietary or internal document contents will leave the local environment. In an enterprise context, this can cause unintended disclosure of confidential policy, research, or regulated data if users assume 'private references' are processed locally or only metadata is transmitted.

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"text": "Your text here.", "grounding_mode": "web", "use_webhook": false}'

# Verification against private references
curl -X POST https://api.veritier.ai/v1/verify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
82% confidence
Finding
https://api.veritier.ai/

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.27
python-dotenv>=1.0
flask>=3.0
Confidence
93% confidence
Finding
httpx>=0.27

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.27
python-dotenv>=1.0
flask>=3.0
Confidence
89% confidence
Finding
python-dotenv>=1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.27
python-dotenv>=1.0
flask>=3.0
Confidence
94% confidence
Finding
flask>=3.0

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

Known Vulnerable Dependency: flask — 8 advisory(ies): CVE-2025-47278 (Flask uses fallback key instead of current signing key); CVE-2018-1000656 (Flask is vulnerable to Denial of Service via incorrect encoding of JSON data); CVE-2019-1010083 (Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory u) +5 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
flask

VirusTotal

67/67 vendors flagged this skill as clean.