Agent Briefing

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Not For Humans TV helper that fetches public show data from the expected website, with no evidence of hidden persistence, credential access, destructive behavior, or unrelated authority.

Install only if you are comfortable with the skill making on-demand requests to notforhumans.tv and using that public remote content in agent responses. Treat fetched transcripts and reviews as untrusted external content, and avoid invoking the digest or transcript commands in workflows that must remain local-only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly instructs the agent to run scripts that fetch data from notforhumans.tv, but the skill does not declare any permissions or clearly surface that network access is required. This creates a transparency and governance problem: an orchestrator or user may invoke a skill believing it is local-only when it actually performs outbound requests and potentially recurring monitoring.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: A description-behavior mismatch is a real security concern because users and calling agents rely on the description to understand what the skill will do. If the implementation also performs connectivity/setup verification and exposes a Trust Score not described in the manifest, it can cause unauthorized data handling, misleading outputs, or hidden behavior outside the user's informed consent.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The README explicitly instructs users to run scripts that fetch data from a remote domain, but it does not clearly warn that installation and normal use will cause outbound network requests and retrieval of untrusted remote content. In an agent/autonomous context, that omission matters because operators may assume a local-only skill, while transcripts and indexes from the remote site could change over time and influence downstream automation or prompt inputs.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger language is broad enough to activate on generic requests like checking what is new, product ratings, or daily monitoring, which can cause the skill to run in contexts the user did not intend. Because the skill performs external network access, overbroad routing increases the chance of unnecessary outbound requests and unintended disclosure of user interest or task context.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding: The skill text says 'No setup required' and emphasizes zero configuration, but it does not clearly warn that the scripts make outbound requests to notforhumans.tv and may be used for recurring checks. This weakens informed consent and can surprise users or host systems that need to control network use or scheduled monitoring.

VirusTotal

66/66 vendors flagged this skill as clean.