gpu-cluster-monitor

Security checks across malware telemetry and agentic risk

Overview

The listing says this is a GPU cluster monitor, but the reviewed files implement a Docker/Playwright web scraper for arbitrary websites.

Do not install this if you are looking for GPU cluster monitoring. Only consider it as a web-scraping skill, in an isolated environment, for public URLs you are authorized to scrape, and only after verifying the missing Docker build setup and the legal/site-policy implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 94% confidence

Finding: The code claims to capture YouTube transcripts/subtitles, but if that fails it silently returns the page description instead. This mismatch can cause downstream consumers to treat unrelated page text as transcript data, creating data integrity and privacy issues because the description may contain different or broader content than the user expected to extract.

Vague Triggers

Medium, 92% confidence

Finding: The skill does not define when it should or should not be invoked, so an agent could over-apply it to broad scraping tasks or to targets the user did not clearly authorize. In a skill explicitly designed for 'deep web scraping' and bypassing protections on sites like YouTube and X/Twitter, ambiguous trigger scope increases the chance of unsafe or policy-violating use.

Missing User Warnings

Medium, 95% confidence

Finding: The skill lacks a clear warning that scraping complex third-party sites may collect sensitive data, violate site terms, or trigger legal and privacy issues. Because the skill emphasizes 'interception-level raw data' and 'penetrate protections,' users and calling agents are not adequately warned about the elevated risk of handling personal, copyrighted, or otherwise sensitive retrieved content.

VirusTotal

66/66 vendors flagged this skill as clean.