Opencli Rs

Security checks across malware telemetry and agentic risk

Overview

This skill is a powerful automation hub, but its broad account/browser/desktop authority and unclear install provenance need human review before use.

Review before installing. Confirm which upstream project you intend to trust, pin and verify the package or binary instead of using latest or curl-to-shell, use a dedicated browser profile or test accounts, disable auto-update/keep-alive unless needed, and require explicit approval before posting, deleting, messaging, following, blocking, downloading in bulk, sending local files/code, or invoking developer/infrastructure CLIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation encourages browser automation, social posting, downloading, account actions, and desktop application control across many services without prominent warnings about credential exposure, unintended posting, data exfiltration, rate limits, or local system effects. In an AI-agent context, these capabilities are especially sensitive because the agent may act on authenticated sessions and local apps with minimal user review.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide explicitly promotes AI-driven control of desktop applications and downloading/managing content, but it does not consistently warn users that these actions can expose private data, send sensitive input to other applications, or persist third-party/user data locally. In an agent-integration context, missing privacy and data-impact warnings increases the chance that an autonomous system performs intrusive actions without informed consent or appropriate safeguards.

Missing User Warnings

Low
Confidence: 88%
Finding
The workflow examples write JSON outputs and reports to local files using fixed names and shell redirection, but they do not warn about storing potentially sensitive collected data or overwriting existing files. In an automated agent setting, this can lead to unintentional retention of user data, disclosure through insecure storage, or accidental clobbering of existing artifacts.

Missing User Warnings

Medium
Confidence: 95%
Finding
The desktop control example sends prompts and a local file (`--file mycode.py`) into another application and reads back responses, but it omits any explicit warning that source code or other sensitive content may be transmitted outside the current trust boundary. For an AI agent skill, this is particularly risky because agents may automate these actions at scale and expose proprietary code, secrets, or personal data without user awareness.

Missing User Warnings

Medium
Confidence: 92%
Finding
The content download workflow performs filtered batch downloads of third-party content into a local directory without warning about local storage growth, copyright/privacy implications, or actions taken under the user's logged-in account/session. In an agent context, automated bulk downloading can create compliance, account-abuse, and data-retention risks even if the commands are functioning as intended.

VirusTotal

65/65 vendors flagged this skill as clean.
