Connect Apps

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate app connector, but it routes users into a broad third-party integration that can perform real actions across many external accounts without enough built-in scoping or confirmation guidance.

Install only if you intentionally want Claude to operate connected external services. Review composio-toolrouter and Composio's data and OAuth practices separately, start with limited or test accounts, grant the narrowest scopes available, require explicit confirmation before any send/post/create/update/delete action, and know how to revoke both Composio and app-level access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill’s activation description is very broad and covers common tasks like sending emails, posting messages, and creating issues across many external services. In an agent system, this can cause over-triggering on ordinary user requests and route them into a capability that performs real external actions, increasing the chance of unintended side effects.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly says it can 'actually send emails, create issues, post messages' but does not warn about real-world consequences or instruct the agent to obtain user confirmation before executing those actions. Because these actions affect external services and third parties, the lack of confirmation and safety messaging makes accidental or premature execution significantly more dangerous in context.

VirusTotal

66/66 vendors flagged this skill as clean.
