
Security checks across malware telemetry and agentic risk

Overview

This skill transparently enables real US phone calls and local ClawCall state storage, which is sensitive but aligned with its stated purpose.

Install only if you want an agent that can place real US phone calls through ClawCall. Review or delete ~/.config/clawcall/key.json if you do not want the saved API key or phone number retained, and give the agent explicit limits before calls involving bookings, cancellations, payments, identity verification, or sensitive personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings
Severity: Medium; Confidence: 94%
Finding
The skill explicitly instructs the agent to persist both a ClawCall API key and the user's phone number in a local file, but it does not require clear user notice, consent, retention limits, or secure handling guidance. This creates a real privacy and secret-management risk because a long-lived local secret plus personal contact data can be reused for account linking, outbound calls, or handoff flows if the host is shared, compromised, or the user did not expect storage.

Missing User Warnings
Severity: Medium; Confidence: 87%
Finding
The skill is designed to place real outbound phone calls and even auto-provision an API key on the first unauthenticated call, yet the instructions do not impose a prominent confirmation or warning step before triggering these external actions. In a voice-calling skill, real-world actions have direct external consequences such as contacting third parties, incurring charges, exposing user identity, or creating unintended account state, so silent or weakly signaled execution is risky.

Missing User Warnings
Severity: Medium; Confidence: 86%
Finding
The contract exposes highly sensitive call artifacts (`transcript` and `recording_url`) but does not document any consent, retention, access-control, or user-warning requirements around retrieving and handling that data. In a phone-calling skill, transcripts and recordings can contain private personal, financial, medical, or account information, so normalizing access to them without explicit privacy safeguards increases the risk of inappropriate disclosure or over-collection.

Missing User Warnings
Severity: Medium; Confidence: 91%
Finding
The example includes a full date of birth in call instructions, which is sensitive personal data that could be exposed in logs, transcripts, example reuse, or copied user prompts without any privacy warning or minimization guidance. In this skill's context, phone calls often involve identity verification, so normalizing inclusion of high-sensitivity identifiers in examples increases the chance that users or downstream agents will disclose more personal data than necessary.

Missing User Warnings
Severity: Medium; Confidence: 88%
Finding
The file explicitly recommends periodic polling of inbound call history for user-authorized agents, but it does not require a clear user-facing consent flow or warning that this access can expose sensitive call metadata and potentially transcripts. In a telephony skill, inbound histories may contain personal, business, or confidential information, so silent background polling increases privacy and data-minimization risk.

Missing User Warnings
Severity: Medium; Confidence: 94%
Finding
The skill instructs the agent to persist the user's phone number in a state file or host secret store without telling the agent to obtain explicit consent, disclose retention, or minimize storage. Because phone numbers are personal data and this skill is built around telephony workflows, silent persistence increases privacy and compliance risk, especially if the number is later reused for callbacks or handoffs the user did not expect.

Missing User Warnings
Severity: Medium; Confidence: 90%
Finding
The instruction to save an `api_key` from the response normalizes credential persistence without any guardrails on secure storage, scope, redaction, or lifecycle. API keys are authentication secrets; if stored in logs, transcripts, ordinary state, or weak storage, they can be reused to place calls, access call data, or abuse the account.

Missing User Warnings
Severity: Medium; Confidence: 93%
Finding
The live handoff section again directs persistence and reuse of bridge/callback numbers without explicit user notice or consent. In this context, reuse of a saved phone number can lead to misdirected live calls, unintended disclosure that the user is interacting with a business, and broader privacy issues if the number is stale, shared, or no longer desired for contact.

VirusTotal

64/64 vendors flagged this skill as clean.