Shuttle AI Chatbot

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local AI-service client, but it may forward prompts and batch-file contents over unencrypted HTTP to a configurable network endpoint without adequate disclosure.

Install only if you trust the configured AI service endpoint and network. Avoid sending secrets, credentials, private documents, or sensitive batch files unless you have verified the URL, transport security, and who operates the service. Prefer localhost or HTTPS endpoints where possible, and treat the Review bucket as a prompt to inspect the URL handling and documentation before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium (95% confidence)
Finding
The documentation states that URL validation was added to restrict requests to localhost or private IPs, but the documented interface still accepts an arbitrary `--url` value and even shows examples that use other hosts. This mismatch can lead users or integrators to assume SSRF-style protections exist when they may not, allowing connections to unintended internal or external services if the implementation matches the documented interface rather than the claimed validation.
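What the validation the documentation claims would look like in practice, as an added example that is not the skill's own code: a check on the user-supplied `--url` that accepts only loopback or private-network hosts, and, following the overview's advice above, permits plain HTTP only to loopback. The names `check_service_url`, `endpoint_allowed` and `UrlPolicyError`, and the exact policy (including rejecting link-local addresses and refusing to resolve hostnames by default), are this example's assumptions, not behaviour the skill is known to implement.

```python
"""Endpoint policy for a user-supplied ``--url``.

Added example, not code from the Shuttle AI Chatbot skill. It shows what the
validation the documentation claims (localhost or private-network hosts only)
would look like, and adds the overview's advice that plain HTTP is acceptable
only to loopback. Names (check_service_url, endpoint_allowed, UrlPolicyError)
and the exact policy are this example's own assumptions.
"""
from __future__ import annotations

import ipaddress
import socket
from ipaddress import IPv4Address, IPv6Address
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class UrlPolicyError(ValueError):
    """Raised when a URL violates the endpoint policy."""


def _addresses_for(host: str, resolve: bool) -> list[IPv4Address | IPv6Address]:
    """Return the IP addresses `host` denotes.

    'localhost' and literal IPs are handled without DNS, so the check works
    offline. Other hostnames are resolved only when `resolve` is True; by
    default they are rejected, because a name can be pointed anywhere,
    including re-pointed after the check (DNS rebinding).
    """
    if host == "localhost":
        return [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")]
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    if not resolve:
        raise UrlPolicyError(f"{host!r} is not localhost or a literal IP; refusing to resolve it")
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror as exc:
        raise UrlPolicyError(f"cannot resolve {host!r}: {exc}") from exc
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def check_service_url(url: str, *, resolve_hostnames: bool = False) -> str:
    """Validate `url` and return it unchanged, or raise UrlPolicyError.

    Policy (assumed for this example):
      * scheme must be http or https, and the URL must not embed credentials;
      * every address the host denotes must be loopback or private (RFC 1918
        or IPv6 ULA); link-local addresses are rejected as well, since
        169.254.0.0/16 includes cloud metadata services;
      * plain http is allowed only when every address is loopback, because
        prompts and batch-file contents travel in the clear otherwise.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UrlPolicyError(f"scheme {parts.scheme!r} not allowed; use http or https")
    if parts.username is not None or parts.password is not None:
        raise UrlPolicyError("credentials embedded in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise UrlPolicyError("URL has no host component")
    try:
        _ = parts.port  # raises ValueError on a malformed port such as ':abc'
    except ValueError as exc:
        raise UrlPolicyError(f"malformed port in {url!r}") from exc

    addrs = _addresses_for(host, resolve_hostnames)
    for addr in addrs:
        if addr.is_link_local:
            raise UrlPolicyError(f"{host} -> {addr} is link-local; refusing")
        if not (addr.is_loopback or addr.is_private):
            raise UrlPolicyError(f"{host} -> {addr} is not a loopback or private address")
    if parts.scheme == "http" and not all(a.is_loopback for a in addrs):
        raise UrlPolicyError(
            f"plain http to non-loopback host {host} would send prompts in the clear; use https"
        )
    return url


def endpoint_allowed(url: str, *, resolve_hostnames: bool = False) -> bool:
    """Boolean wrapper around check_service_url for callers that only gate."""
    try:
        check_service_url(url, resolve_hostnames=resolve_hostnames)
    except UrlPolicyError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the first three pass, the rest are rejected.
    for candidate in [
        "http://localhost:8080/v1/chat",
        "http://127.0.0.1:11434/api/generate",
        "https://10.0.0.5/v1/chat",
        "http://10.0.0.5/v1/chat",         # plain HTTP off-box
        "https://8.8.8.8/v1/chat",         # public address
        "https://169.254.169.254/latest",  # link-local / metadata range
        "https://example.com/v1/chat",     # hostname, not resolved by default
    ]:
        verdict = "allowed" if endpoint_allowed(candidate) else "rejected"
        print(f"{candidate:40} {verdict}")
```

Two design choices worth noting. Hostnames are refused unless the caller opts in to resolution, because checking a resolved address and then letting the HTTP client resolve the name again is a time-of-check/time-of-use gap; a client that opts in should connect to the address it validated rather than the name. And the plain-HTTP rule is stricter than "localhost or private IPs" alone: a private-network host is still another machine, so prompts and batch contents sent to it over http are visible on the wire.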

Missing User Warnings

Medium (87% confidence)
Finding
The README documents sending queries directly to a local AI service over plain HTTP but does not clearly warn users that their prompts and batch-file contents are transmitted to that service. This can lead to unintended disclosure of sensitive data, especially if users assume processing is purely local, isolated, or otherwise privacy-preserving; the risk is somewhat elevated because the default URL is a specific private-network host rather than localhost.

Missing User Warnings

Medium (83% confidence)
Finding
The skill explicitly supports direct API calls to a user-supplied or default local HTTP endpoint and accepts free-form query and batch-file inputs, but the manifest gives no disclosure that those contents will be transmitted to another service. This is a real data-exposure risk: users may assume processing stays within the skill or its runtime when it is in fact forwarded over HTTP to a separate service, potentially leaking sensitive prompts or file contents to an unintended host on the local network.

VirusTotal

65 of 65 vendors reported this skill as clean.