Router9

Security checks across malware telemetry and agentic risk

Overview

Router9 is a disclosed API-wrapper skill that sends user-selected media, prompts, and files to Router9 services, with no evidence of hidden behavior or automatic local data collection.

Install only if you trust Router9 with the media, prompts, and files you choose to process or store. Keep the API key private, avoid sending secrets or regulated data unless appropriate, and take care with the upload and delete commands and with download output paths, because the CLI does not add extra confirmation safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tainted flow: 'put_req' from pathlib.Path.read_bytes (line 173, file read) → urllib.request.urlopen (network output)

Severity: High
Category: Data Flow
Content:
    put_req = urllib.request.Request(upload_url, data=file_data, method="PUT")
    put_req.add_header("Content-Type", mime)
    try:
        with urllib.request.urlopen(put_req) as _resp:
            pass
    except urllib.error.HTTPError as e:
        # Clean up orphan DB record
Confidence: 89%
Finding:
    with urllib.request.urlopen(put_req) as _resp:

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill encourages transcription, OCR, image analysis, generation, and file storage operations through Router9 APIs but does not warn that user-provided audio, images, text, and files may be sent to a third-party service. This omission creates a real privacy and compliance risk because users may unknowingly submit sensitive or regulated data off-box.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The documented delete capability permanently removes stored files but provides no warning that the action is destructive, may be irreversible, and should require confirmation. In an agent setting, this raises the risk of accidental or socially engineered deletion of user data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The describe and OCR commands base64-encode and transmit the full contents of a local image to Router9, but the CLI provides no explicit user-facing warning that local files leave the machine. In an agent environment, this increases the risk of unintentional disclosure of sensitive screenshots, scans, IDs, or documents when the skill is invoked on local paths.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The upload command is an explicit arbitrary-file exfiltration primitive: it will send any readable local file to remote storage with no path restrictions or user confirmation. In the context of an agent skill that may be driven by higher-level instructions, this is more dangerous because it can be used to extract secrets, credentials, source code, or private data from the host filesystem.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The delete command permanently removes a remote stored file without any confirmation or safety interlock. In an agent setting, mistaken or malicious prompts could trigger irreversible loss of user data stored in Router9-backed storage.

VirusTotal

65/65 vendors flagged this skill as clean.
