ClawHub

Scientific Internet Access

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed proxy-finding and formatting utility, with security-sensitive use cases but no artifact-backed evidence of hidden access, exfiltration, or destructive behavior.

Install only if you intentionally want help finding and testing public proxy nodes. Free proxy nodes can inspect, block, or tamper with traffic, so avoid sensitive accounts, banking, work credentials, or private communications through them. Non-Chinese users should also verify they can understand all setup warnings before following the configuration steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'output_path' from os.environ.get (line 133, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
print(f"Total: {len(all_nodes)}, Unique: {len(unique)}, Protocols: {protocols}")
    result = {"scraped_at": datetime.now().isoformat(), "total": len(unique), "protocols": protocols, "nodes": unique}
    os.makedirs(os.path.dirname(output_path), exist_ok=True)
    with open(output_path, 'w', encoding='utf-8') as f:
        json.dump(result, f, ensure_ascii=False, indent=2)
    print(f"Saved {len(unique)} nodes to {output_path}")
Confidence
92% confidence
Finding
with open(output_path, 'w', encoding='utf-8') as f:

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger set is extremely broad and includes many common phrases, causing the skill to activate in ordinary conversation about VPNs, Telegram, Google access, or censorship topics. In this skill's context, unintended activation is more dangerous because activation leads directly to scripted command execution and prescriptive proxy guidance, increasing the chance of unprompted risky actions.

Natural-Language Policy Violations

High
Confidence
92% confidence
Finding
The skill explicitly forces Chinese output and pushes Chinese Telegram localization even for English-speaking users, without consent. This can mislead users, reduce comprehension of security-relevant instructions, and manipulates client settings in a way the user did not request; in a network/proxy setup flow, misunderstanding configuration steps can materially increase safety and privacy risk.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The handler presents only Chinese-language prompts and defaults users into a recommended path without offering any language choice or documenting a required locale. In a security-sensitive proxy/VPN distribution skill, this increases the chance that users misunderstand warnings, consent prompts, or configuration steps, which can lead to unsafe use of untrusted nodes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal