Traffic Standards Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it embeds a mandatory shared authentication token and encourages broad automatic use of an external API, so users should review it before installing.

Install only if you are comfortable sending transportation-standard queries and relevant prompt context to solvexpert.net. Treat both the Solvex API key and the documented searchAuthToken as sensitive, avoid using confidential bid or internal project text without redaction, and prefer explicit user approval before the agent calls the external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Severity: High. Confidence: 99%.
Finding: The documentation discloses a hard-coded shared `searchAuthToken` and presents it as mandatory for all users. Publishing a reusable authentication token in a public skill enables unauthorized third parties to access the backend service, bypass normal per-user authentication controls, and potentially consume quota or access data under the provider's trust boundary.

Intent-Code Divergence

Severity: Medium. Confidence: 95%.
Finding: The skill advertises that only an API key is required, but the examples and parameter table show a second mandatory `searchAuthToken`. This mismatch hides a privileged credential dependency from users and reviewers, making it easier to smuggle a shared secret into normal usage and weakening transparency around the real authentication model.

Context-Inappropriate Capability

Severity: Medium. Confidence: 97%.
Finding: The documentation embeds a fixed mandatory `searchAuthToken` and states that requests will fail without it, which effectively exposes a shared secret in public-facing docs. This creates a hidden second authentication factor that can be reused by anyone reading the skill, undermining access control and enabling unauthorized use of the backend search service when combined with a valid or leaked API key.

Intent-Code Divergence

Severity: Medium. Confidence: 93%.
Finding: The document first claims the API uses only API-key authentication, then later requires both an API key and a body `searchAuthToken`. This contradiction is security-relevant because it conceals a real authentication dependency, encouraging unsafe integrations and making it harder for users to properly protect all sensitive credentials.

Vague Triggers

Severity: Medium. Confidence: 91%.
Finding: The trigger condition is extremely broad: it instructs the agent to proactively use this skill for many common writing tasks whenever transportation-related content appears. In practice, that can cause unintended activation and unnecessary transmission of user prompts or draft proposal content to the external Solvex service without a clear need or user confirmation, increasing privacy and data-minimization risk.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding: The README states that natural-language questions are sent to an external API-backed RAG knowledge base, but it does not prominently warn that user content may leave the local environment. If users include sensitive proposal text, bid details, or internal project information, the skill could exfiltrate that data to a third party without informed consent.

Missing User Warnings

Severity: Medium. Confidence: 98%.
Finding: The API reference exposes a mandatory authentication token directly in request parameters and example payloads without labeling it as sensitive or warning against reuse. Publishing operational credentials in examples normalizes secret disclosure, increases the chance of uncontrolled third-party use, and makes downstream leakage through logs, screenshots, prompts, and repositories more likely.

VirusTotal

64/64 vendors flagged this skill as clean.