Food Safety Sentiment Monitor (Kevin)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed prototype for food-safety sentiment monitoring, with some quality, disclosure, and dependency risks but no evidence of malware or hidden control.

Install only if you are comfortable with a prototype that scrapes public social-platform pages and may send scraped event text to a configured AI provider. Treat the output as a demo, verify any claimed incident independently, update and pin Playwright, and avoid adding API credentials unless you understand the provider data-sharing implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding: The top-of-file documentation frames the skill as a monitoring system for food safety public sentiment. However, beyond crawling and risk analysis, the code includes `generateResponsePlan()`, which outputs a concrete crisis-response statement for a brand; that is a different operational intent from monitoring alone.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The code constructs a prompt containing the full serialized `events` data and sends it to a remote chat completion API. While there are console logs about test execution, there is no disclosure that scraped social-media content and associated metadata may be transmitted to a third-party model provider.

Natural-Language Policy Violations

Severity: Low
Confidence: 97%
Finding: The generated response plan is always returned in Chinese, and the file contains no opt-in, fallback, or explanation that the skill is intentionally limited to Chinese-language use. This can violate language/locale policy when users are not given a choice or informed of the restriction.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
"author": "Kevin(凯文老师) <maifieldai@gmail.com>",
  "license": "MIT",
  "dependencies": {
    "playwright": "^1.40.0"
  }
}
Confidence: 40%
Finding: "playwright": "^1.40.0"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory(ies): CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

Severity: High
Category: Supply Chain
Confidence: 80%
Finding: playwright==1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.
