KallyAI Executive Assistant

Security checks across malware telemetry and agentic risk

Overview

KallyAI is a real executive-assistant style skill, but it gives a broad natural-language interface authority to place calls, send messages, book services, spend credits, and change account settings without clearly bounded approval rules.

Install only if you trust KallyAI and are comfortable delegating real-world communication and account actions to it. Review OAuth permissions, set explicit limits for spending, bookings, outreach, calls, and subscriptions, require confirmation before third-party contact or purchases, and regularly check active goals, inbound rules, connected channels, and stored tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 98%
Finding
The skill advertises an extremely broad trigger scope, including catch-all phrasing like 'any delegation task' and many common activities. In an agent ecosystem, this can cause over-selection of the skill for ambiguous requests and lead to unintended execution of high-impact actions such as calls, emails, bookings, or account changes.

Vague Triggers

Medium
Confidence: 95%
Finding
The phrase 'Handle this for me' is overly vague and overlaps with ordinary conversational language, making accidental invocation more likely. Because this skill can perform real-world actions across communications, bookings, and account management, ambiguous routing increases the chance of unintended delegation.

Vague Triggers

Medium
Confidence: 94%
Finding
Telling users or orchestrators to use 'ask' for most requests creates an overly permissive default path into a powerful coordination interface. That broad entrypoint can mask the boundaries of allowed operations and increase the risk that ambiguous user input results in external side effects.

Missing User Warnings

High
Confidence: 97%
Finding
The skill describes capabilities that can place calls, send emails, order services, alter calendars, and manage phone routing, but it does not prominently warn that these can trigger real external actions and modify live accounts or data. Users or upstream agents may treat it as informational rather than transactional, leading to unsafe or unintended operations.

VirusTotal

64/64 vendors flagged this skill as clean.
