Hannah & Elena client skill for coworker integration by Sokosumi

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed connector to external Hannah and Elena AI services, with normal third-party data-sharing and API-key handling risks but no artifact-backed malicious behavior.

Install only if you are comfortable sending task prompts, campaign details, and optional attachments to Serviceplan/sumike.ai. Do not send secrets, regulated data, customer data, or confidential documents unless your organization approves that third-party processing. Store API keys through a secure secret mechanism where possible, keep them out of source control and logs, and verify the installed package source because the reviewed bundle does not include the referenced dist runtime files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence (Medium, 78% confidence)

The skill documents two incompatible API models: an async task API and a direct chat/completions API. This ambiguity can cause agents or integrators to send requests to unintended endpoints, mishandle authentication or polling logic, and potentially leak prompts, attachments, or sensitive business data to the wrong interface or logging path.

Missing User Warnings (Medium, 94% confidence)

The guide repeatedly places bearer tokens directly on command lines and later recommends verbose/debug modes, but it does not warn that secrets passed this way can be exposed via shell history, process listings, terminal scrollback, CI logs, or copied troubleshooting output. Although the examples use placeholders, the documented usage pattern encourages unsafe secret-handling practices that can lead to real credential leakage when users substitute live keys.

Missing User Warnings (Medium, 89% confidence)

The README encourages users to send natural-language requests over email and receive attachments, but it does not warn that prompts, business data, and uploaded content are being shared with an external third party. This creates a real data-handling and privacy risk because users may disclose confidential or regulated information without understanding the trust boundary, and returned attachments can also introduce content-handling risk.

Missing User Warnings (Low, 73% confidence)

The README tells users to place API keys in environment variables but gives no accompanying guidance on protecting those credentials. While using environment variables is common practice, omitting basic security advice can still lead to accidental disclosure through shell history, logs, screenshots, shared environments, or process inspection in weakly isolated systems.

Missing User Warnings (Medium, 96% confidence)

The skill encourages sending email requests and file attachments to external addresses without an explicit warning that prompts, documents, and attachments leave the local system and are processed by third-party infrastructure. This creates a real risk of accidental exfiltration of sensitive internal data, especially because email is less constrained than API-based structured calls.

Missing User Warnings (Medium, 90% confidence)

The documentation instructs agents to place API keys in shell exports and .env files without emphasizing secure secret handling, least privilege, or avoiding logging and persistence. In agent environments, this can lead to credentials being written to transcripts, shells, repos, or workspace files, enabling unauthorized reuse of the external service accounts.

VirusTotal

59/59 vendors flagged this skill as clean.