KallyAI Executive Assistant (Claude Code)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real KallyAI CLI, but it gives broad authenticated authority to trigger real-world calls, emails, bookings, orders, account changes, and phone routing from loosely scoped requests.

Install only if you are comfortable giving KallyAI broad delegated authority over communications, bookings, spending-related tasks, phone routing, and account settings. Before using `ask`, require explicit confirmation for recipients, calls, emails, purchases or orders, bookings, cancellations, subscription changes, and phone-number changes; review KallyAI privacy and retention terms; use it only on trusted machines; and run logout or revoke access when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High, 92% confidence
Finding
The trigger list is extremely broad and overlaps with ordinary user intents such as search, schedule, messages, email, assistant, coordinate, and book. This increases the chance the skill is invoked in situations where users did not specifically intend to hand control to an external service capable of contacting third parties, accessing communications, or spending money.

Vague Triggers

Medium, 88% confidence
Finding
The workflow guidance includes catch-all examples like handling a task for the user with no constraints on scope, approval, or allowed actions. In this skill, such ambiguity is riskier because the backend can place calls, send emails, make bookings, and perform other external actions based on natural-language requests.

Missing User Warnings

High, 96% confidence
Finding
The documentation promotes autonomous real-world actions including calls, bookings, bills, rides, food orders, errands, and phone number management without prominent warnings about costs, data sharing, third-party contact, and account effects. Users may reasonably interpret the skill as routine assistant functionality and not realize it can trigger consequential external actions.

Missing User Warnings

High, 97% confidence
Finding
The natural-language ask command is described as creating goals, making calls, and sending emails automatically based on plain English, with no nearby warning about side effects or external data disclosure. Because it is positioned as the preferred path for 80% of usage, it materially increases the chance of unreviewed real-world actions from vague prompts.

VirusTotal

64/64 vendors flagged this skill as clean.
