Ag-earth

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Agent Earth integration, but in practice it forwards user requests and conversation context to a remote service that selects and executes external tools using your API key.

Install only if you trust Agent Earth to receive task context and execute selected tools using your API key. Use a dedicated revocable key with quotas, avoid confidential prompts, and require the agent to show the chosen tool and arguments before execution, especially for finance, account changes, purchases, file conversion, or other side-effecting tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The skill's activation criteria include an expansive catch-all such as 'any scenario implying external information is needed,' combined with instructions to use this skill first. That can cause over-invocation of an external service, sending user prompts and conversation context to a third party even when unnecessary, increasing privacy exposure and the chance of inappropriate tool execution.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The documentation instructs the agent to send full user queries and even injected conversation context to Agent Earth, but it does not provide a clear user-facing disclosure that their requests and contextual data are transmitted to an external service. In a context-aware tool-discovery skill, this omission is especially risky because multi-turn context may contain sensitive personal, financial, or location information that users did not expect to leave the assistant.

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding:
The eval prompts and expected outputs are entirely in Chinese and implicitly require Chinese-language interaction without any user choice, locale detection, or fallback behavior. In a primary tool-discovery skill, this can cause user intent mismatch, degraded usability, and incorrect tool selection or execution when the user operates in another language, especially because the skill is described as the default interface for many tasks.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The spec documents an authenticated tool execution endpoint as the primary mechanism for solving user tasks, but it omits any warning or control guidance about side effects, trust boundaries, or the possibility that tools may perform external actions, access sensitive data, or incur costs. In this skill context, that omission is more dangerous because the skill is explicitly intended to be used first and to execute external tools on ambiguous, context-enriched user requests, increasing the chance of unsafe or over-broad actions.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The API key requirement is documented, but there is no guidance on secure storage, transmission boundaries, redaction, rotation, or prohibition on exposing credentials in prompts, logs, client-side code, or tool arguments. Because this skill is designed to broker external tool execution, poor credential handling could let an attacker or downstream tool obtain the API key and misuse the execution service.

VirusTotal

63/63 vendors flagged this skill as clean.