SUPAH Research Intelligence

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate research API skill, but it needs review because broad prompts can send user content to a third-party paid service and incur automatic micropayments with unclear consent and pricing boundaries.

Review before installing. Use it only with an x402 client that enforces per-call and total spending limits, confirm the real pricing with the publisher, keep SUPAH_API_BASE on a trusted HTTPS endpoint, and avoid submitting confidential claims, internal URLs, secrets, personal data, or proprietary research topics unless you accept sending them to the configured provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium (92% confidence)
The README encourages very broad natural-language triggers such as "Research the latest AI breakthroughs" and "Verify this claim," which can easily overlap with ordinary chat requests. In an agent environment, that ambiguity can cause the skill to activate unexpectedly and send user prompts or embedded URLs to the external research backend without a clear, deliberate opt-in from the user.

Missing User Warnings

Severity: Medium (97% confidence)
The README states that the skill is powered by external `api.supah.ai` research endpoints and supports sending claims and URLs for analysis, but it does not prominently warn users that their research queries and supplied URLs are transmitted to a third-party service. This creates a privacy and data-handling risk because users may submit sensitive topics, internal URLs, or confidential claims under the assumption the processing is local.

Vague Triggers

Severity: Medium (85% confidence)
The usage examples are very broad and could cause the agent to invoke this paid external research service for loosely related user prompts without clear boundaries, exclusions, or confirmation. In practice, that can lead to unintended transmission of sensitive query content and unexpected micropayment charges, especially in autonomous or tool-using agent contexts.

Missing User Warnings

Severity: Medium (96% confidence)
The description highlights research capabilities but does not clearly warn that user prompts may be sent to an external third-party paid service. This is dangerous because users or upstream agents may disclose confidential or regulated information under the assumption processing is local, while also unknowingly triggering x402 payments.

Missing User Warnings

Severity: Medium (94% confidence)
The research command sends arbitrary user topics to a remote service without any explicit notice or consent mechanism. In an agent setting, topics may contain sensitive prompts, internal project names, or proprietary questions, so silent exfiltration to a third-party API creates a real privacy and data-governance risk.

Missing User Warnings

Severity: Medium (95% confidence)
Claim verification transmits raw user-provided claims to an external API with no explicit warning that the content leaves the local environment. Claims may include confidential allegations, legal matters, incident details, or customer data, making this especially risky in an agent workflow where inputs can be automatically sourced from sensitive context.

Missing User Warnings

Severity: Low (90% confidence)
The credibility command sends user-supplied URLs to a third-party endpoint without a clear data-sharing warning. While URLs are often less sensitive than free-form text, they can still reveal internal hosts, private documents, pre-release resources, or investigative targets.

Missing User Warnings

Severity: Medium (94% confidence)
Report generation sends user topics externally without explicit disclosure, and report topics are likely to be broader, strategic, or more sensitive than simple queries. In this skill context, that makes unintended disclosure more dangerous because agents may forward internal research goals or confidential business subjects to the vendor.

VirusTotal

44/44 vendors reported this skill as clean.