BlackSnow

Security checks across malware telemetry and agentic risk

Overview

BlackSnow is not clearly malicious, but it needs review because it creates trading-oriented risk signals while using mock data, insecure HTTPS fetching, persistent storage, and loosely controlled external webhooks.

Use only in a sandbox or after code review. Fix TLS verification, disable or clearly label mock data, restrict webhooks to trusted HTTPS endpoints, and require human review before connecting outputs to trading, insurance, logistics, or policy workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The file-level docstring claims the harvester connects to real public data sources, but the implementation mixes one live source with two fabricated mock feeds. In a risk-intelligence or trading context, presenting synthetic signals as live data can mislead downstream systems, users, or models into treating invented events as real-world indicators, creating integrity and decision-making risk.

Description-Behavior Mismatch

Medium
Confidence: 99%
Finding
The procurement and labor harvesters generate fabricated signals while the skill is described as detecting real ambient risk signals. In this specific skill context, the output is framed as machine-readable, tradable risk primitives, so false data can directly contaminate analytics, trigger false alerts, or drive financial and operational decisions on invented inputs.

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest explicitly declares external delivery channels (`webhook` and `streaming_api`) for generated risk signals but does not include any user-facing warning, consent, or transmission-governance language. In this skill's context, the output is commercially sensitive, potentially market-moving risk intelligence, so undisclosed or poorly governed outbound transmission increases the chance of unauthorized disclosure, compliance issues, and accidental dissemination to untrusted endpoints.

Missing User Warnings

Medium
Confidence: 99%
Finding
The helper `safe_fetch()` disables both hostname verification and certificate validation for all HTTPS requests, which makes every downstream network fetch vulnerable to man-in-the-middle interception and response tampering. In this skill, harvested data is turned into machine-readable risk primitives, so forged upstream responses could poison analytics, trigger false signals, or hide real ones.

Missing User Warnings

Medium
Confidence: 99%
Finding
The USASpending request creates a custom SSL context that disables certificate checks, exposing that request to interception and content spoofing. Because this code consumes external award data and converts it into internal signals, an attacker on the network path could inject false procurement records or manipulate timestamps and descriptions used by downstream systems.

Missing User Warnings

Medium
Confidence: 93%
Finding
The pipeline accepts a webhook URL from the CLI and sends generated risk primitives to that destination with no validation, allowlist, confirmation, or clear consent boundary. Because the skill processes potentially sensitive operational, legal, and human-derived signals, this creates an easy exfiltration path to an attacker-controlled endpoint and is especially risky in an automation context where operators may pass URLs without realizing data leaves the environment.

VirusTotal

64/64 vendors flagged this skill as clean.