PaperPod

Security checks across malware telemetry and agentic risk

Overview

PaperPod is a clearly described remote sandbox skill. Its code execution, public preview URL, and persistent storage features are powerful, but they are consistent with its stated purpose.

Install only if you want your agent to use PaperPod's external paid sandbox. Treat the PaperPod token like a password. Avoid sending secrets or private files to the sandbox unless necessary. Do not expose sensitive or unauthenticated services through a public URL. Monitor running processes, exposed ports, browser sessions, memory contents, and billing, and clean up resources after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity
Medium
Confidence
87%
Finding
The skill explicitly exposes powerful capabilities, including shell execution, file writes, long-running background processes, public port exposure, and persistent storage, but it does not include clear safety warnings or usage constraints for operators. In an agent setting this increases the risk of unsafe execution, unintended data exposure, or destructive actions, because users may invoke these capabilities without understanding their impact.

Missing User Warnings

Severity
High
Confidence
94%
Finding
The port exposure section provides a one-step workflow that publishes a local service and returns a public, internet-facing URL, but it does not prominently warn that this makes development servers, admin panels, or unauthenticated apps reachable by anyone who has the link. In a skill centered on isolated runtimes and live preview URLs, that omission materially increases the chance of accidental data exposure or unauthorized access.
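The control a practitioner would put in front of a service before running `ppod expose <port>` on it, as an added example that is not part of the PaperPod skill or of this scan: a minimal Python HTTP server in the weak, unauthenticated form the finding describes, beside a hardened form that refuses every request lacking the expected bearer token. The `PREVIEW_TOKEN` environment variable name, the demo response bodies, and binding to 127.0.0.1 are assumptions; `ppod expose 8080` is the skill's own CLI command.

```python
"""Bearer-token gate for a service that is about to be published with `ppod expose`.

Added example; not code from the PaperPod skill or from this scan. Assumptions:
the PREVIEW_TOKEN environment variable name, the demo response bodies, and
binding to 127.0.0.1 (adjust to whatever interface the sandbox forwards from).
"""
import hmac
import os
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def is_authorized(auth_header, expected_token):
    """True only if the Authorization header carries exactly the expected bearer token."""
    if not auth_header or not expected_token:
        return False
    scheme, _, presented = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not presented.strip():
        return False
    # constant-time compare so the check does not leak the token byte by byte
    return hmac.compare_digest(presented.strip().encode(), expected_token.encode())


class UnauthenticatedHandler(BaseHTTPRequestHandler):
    """Weak pattern: anyone who has the public URL gets served."""

    def do_GET(self):
        self._reply(200, b"hello from the sandbox\n")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet; a real service should log without echoing tokens


class TokenGatedHandler(UnauthenticatedHandler):
    """Hardened form: every request must present the bearer token or gets 401."""

    token = None  # set per server via make_server()

    def do_GET(self):
        if not is_authorized(self.headers.get("Authorization"), self.token):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Bearer realm="preview"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        self._reply(200, b"hello from the sandbox (authenticated)\n")


def make_server(token, port, host="127.0.0.1"):
    """Build a gated HTTPServer; a subclass carries the token so servers do not share state."""
    handler = type("GatedHandler", (TokenGatedHandler,), {"token": token})
    return HTTPServer((host, port), handler)


def serve_in_background(token, port=0):
    """Start the gated server (port 0 = ephemeral) in a thread; returns (server, bound_port)."""
    server = make_server(token, port)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(port, token=None):
    """Send one GET to the local server, with or without a bearer token; return the HTTP status."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    req = urllib.request.Request(f"http://127.0.0.1:{port}/", headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    token = os.environ.get("PREVIEW_TOKEN") or secrets.token_urlsafe(32)
    print(f"preview token (share out of band, never via the exposed page): {token}")
    print("listening on 127.0.0.1:8080; run `ppod expose 8080`, then call the URL with "
          "Authorization: Bearer <token>")
    make_server(token, 8080).serve_forever()
```

A 401 on the public URL is the intended outcome: the preview link alone no longer grants access, and the token is checked in constant time. Rotate the token by restarting with a new `PREVIEW_TOKEN`, and use `ppod kill` and resource cleanup once the preview is no longer needed.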

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
Tokens expire in **15 days**. Refresh before expiry:

```bash
curl -X POST https://paperpod.dev/auth/refresh \
  -d '{"token":"pp_sess_..."}'
```
Confidence
90%
Finding
Flagged span (truncated in the scan output): the refresh request above, which posts the session token in the request body to paperpod.dev, followed by the skill's "Code Execution" section (`POST /execute`, "Run Python, JavaScript, or shell code"), whose own `curl -X POST https://pap` example is cut off.
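How to perform the refresh while treating the token like a password, as an added example that is not part of the PaperPod skill or of this scan. It reads the token from `PAPERPOD_TOKEN` (the variable name the skill's own expose example uses) instead of pasting it on a command line, refuses to send it anywhere but the documented HTTPS endpoint on paperpod.dev, redacts it from anything printed, and tracks the 15-day lifetime from the page. The one-day refresh margin, the assumption that the token's character set after the `pp_sess_` prefix is URL-safe, and the locally recorded issue time are assumptions; the response format of the refresh call is not shown on the page and is returned as parsed JSON without interpretation.

```python
"""Refresh a PaperPod session token without leaking it.

Added example; not code from the PaperPod skill or from this scan. Assumptions:
PAPERPOD_TOKEN holds the token, the token charset after `pp_sess_` is URL-safe,
a one-day refresh margin, and an ISO 8601 issue timestamp recorded by the operator.
"""
import json
import os
import re
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

REFRESH_URL = "https://paperpod.dev/auth/refresh"   # from the skill docs
ALLOWED_HOSTS = {"paperpod.dev"}                      # the only host the token may go to
TOKEN_TTL = timedelta(days=15)                        # from the skill docs
REFRESH_MARGIN = timedelta(days=1)                    # assumption: refresh a day early
TOKEN_RE = re.compile(r"pp_sess_[A-Za-z0-9_\-]+")     # prefix from the docs; charset assumed


def redact(text):
    """Mask PaperPod session tokens before text is logged or handed back to the agent."""
    return TOKEN_RE.sub("pp_sess_[REDACTED]", text)


def refresh_due(issued_at_iso, now_iso=None):
    """True when the token is within REFRESH_MARGIN of its 15-day expiry (or past it).

    Both arguments are ISO 8601 timestamps with a UTC offset, e.g. 2025-01-01T00:00:00+00:00.
    """
    issued_at = datetime.fromisoformat(issued_at_iso)
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    return now >= issued_at + TOKEN_TTL - REFRESH_MARGIN


def build_refresh_request(token, url=REFRESH_URL):
    """Validate the destination and return (url, headers, body) for the refresh call.

    Rejects plain HTTP, any host outside ALLOWED_HOSTS, and values that do not look
    like a session token, so a base URL injected into the agent's context cannot
    redirect the token to a third party.
    """
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the session token over non-HTTPS")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"refusing to send the session token to {parts.hostname!r}")
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("value does not look like a PaperPod session token")
    body = json.dumps({"token": token}).encode()
    headers = {"Content-Type": "application/json"}
    return url, headers, body


def refresh(token, url=REFRESH_URL):
    """Perform the refresh (network call) and return the parsed JSON response."""
    url, headers, body = build_refresh_request(token, url)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    tok = os.environ["PAPERPOD_TOKEN"]          # never put the token on the command line
    issued = os.environ.get("PAPERPOD_TOKEN_ISSUED_AT")  # assumption: recorded when the token was issued
    if issued and not refresh_due(issued):
        print("token not yet due for refresh")
    else:
        print(redact(f"refreshing {tok}"))
        print(redact(json.dumps(refresh(tok))))
```

The validation in `build_refresh_request` is the part that matters for the External Transmission finding: the token only ever travels to the documented endpoint, over TLS, and never appears in `ps` output or shell history because it is read from the environment.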

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
Expose a port and get a public URL.

```bash
curl -X POST https://paperpod.dev/expose \
  -H "Authorization: Bearer $PAPERPOD_TOKEN" \
  -d '{"port": 8080}'
```
Confidence
95%
Finding
Flagged span (truncated in the scan output): the expose request above and its JSON response, which returns a public URL of the form `https://8080-abc123-p8080_v1.paperpod.work`; the remaining response fields are cut off after `"p`.

Session Persistence

Severity
Medium
Category
Rogue Agent
Content
| Area | Command | Description |
|---|---|---|
| | `ppod write <path> [file]` | Write file (stdin if no file) |
| | `ppod read <path>` | Read file |
| | `ppod ls <path>` | List directory |
| **Processes** | `ppod start <cmd>` | Start background process |
| | `ppod ps` | List processes |
| | `ppod kill <id>` | Stop process |
| **Ports** | `ppod expose <port>` | Get public URL (-q for URL only) |
Confidence
84%
Finding
Matched text: `Start background process`

Session Persistence

Severity
Medium
Category
Rogue Agent
Content
| Endpoint | Description |
|---|---|
| `POST /files/write` | Write file |
| `POST /files/read` | Read file |
| `POST /files/list` | List directory |
| `POST /process/start` | Start background process |
| `POST /process/list` | List processes |
| `POST /expose` | Get preview URL for port |
| `POST /memory/write` | Persist data |
Confidence
84%
Finding
Matched text: `Start background process`

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal