Skylv Api Error Handler

Security checks across malware telemetry and agentic risk

Overview

This is a local API error helper. The main caution is that its optional log command stores raw error text on disk.

Install only if you want a local CLI-style API error analysis helper. Avoid using the log command with API keys, bearer tokens, cookies, personal data, full payloads, or sensitive stack traces, and periodically inspect or delete `.api-errors.json` in directories where you run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 87% confidence
Finding
The trigger keywords (`error`, `retry`, `api`, `exception`, etc.) are broad enough that the skill may activate in many unrelated contexts. In an agent ecosystem, unintended invocation can expose internal error details, create noisy or misleading automation, or cause unnecessary logging of sensitive operational data when users did not intend to use this skill.

Vague Triggers

Medium, 85% confidence
Finding
The manifest trigger phrase `api error handler` is generic and insufficiently scoped, which increases the chance of accidental activation by other tools or user prompts containing similar wording. In a self-healing ecosystem, ambiguous invocation is more dangerous because it can chain into other automation, amplify incorrect handling, or log/store error information unnecessarily.

Missing User Warnings

Medium, 94% confidence
Finding
The log command writes user-supplied error and context strings directly to a local JSON file without sanitization, minimization, or warning. In an API error-handling context, those strings may contain secrets, tokens, request payloads, internal hostnames, or personal data, creating a local sensitive-data exposure risk if the file is read by other users, committed to source control, or retained longer than expected.

VirusTotal

64/64 vendors flagged this skill as clean.
