Skill

Security checks across malware telemetry and agentic risk

Overview

This event-ticket skill is mostly mock code, but it advertises real ticket buying, wallet/NFT minting, calendar, and routing powers without clear consent or safety boundaries.

Treat this as a prototype or demo unless the publisher clarifies the real purchase, wallet, CrossMint, calendar, and maps flows. Do not connect payment, wallet, calendar, or minting credentials until the skill requires explicit confirmation for purchases and account changes, labels mock results clearly, narrows triggers, and documents data sharing and retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README advertises `purchaseTicket` and cNFT minting as real transactional features but does not warn users that these actions may trigger irreversible blockchain transactions, wallet charges, or permanent asset minting. In an agent context, unclear documentation increases the risk that integrators or end users invoke purchase flows without understanding financial consequences, especially because wallet detection and live minting are explicitly promoted.

Missing User Warnings

Low
Confidence: 86%
Finding
The README describes calendar synchronization without explaining what event or user data may be sent to Google services or exposed through generated calendar links. While this is not an exploit by itself, it is a real privacy and transparency weakness because agent operators may enable the feature without understanding the third-party data-sharing implications.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill advertises automatic ticket purchasing and calendar syncing, both of which can trigger external side effects involving money, third-party accounts, and personal data, but it does not clearly warn users about these consequences. In an agent context, vague automation language like 'handle everything automatically' increases the risk of unintended purchases, unwanted calendar modifications, or overbroad delegation without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example passes a user email into calendar sync without any privacy notice, consent language, or explanation that data may be transmitted to Google Calendar. Even in documentation, this normalizes handling personally identifiable information without disclosure and can lead integrators to build unsafe flows that expose user data or sync to accounts without proper authorization.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes very generic phrases such as 'buy ticket', 'add to calendar', 'directions to', and 'get directions', which can easily appear in ordinary conversations and cause unintended skill activation. In this skill's context, accidental invocation is more dangerous because the advertised capabilities include account- and privacy-impacting actions such as ticket purchasing, calendar syncing, routing, and wallet interaction.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill advertises sensitive capabilities including Google Calendar sync, route calculation, wallet handling, and ticket purchasing, but the manifest provides no user-facing consent, warning, or confirmation requirements for these actions. That increases risk of privacy leakage, unintended external API use, calendar modification, or financially impactful operations if the skill is invoked implicitly or by a confused user.

VirusTotal

66/66 vendors flagged this skill as clean.
