Agent Escalation (Webhook)

Security checks across malware telemetry and agentic risk

Overview

The skill does its stated escalation job, but it can send full troubleshooting context through a webhook to preset recipients without clear redaction, consent, or recipient-scoping safeguards.

Review before installing. Use this only in an environment where the local gateway, supervisor agent, and Telegram recipient are intended and trusted. Configure the recipient and supervisor explicitly, use a narrowly scoped HOOKS_TOKEN, and do not send credentials, cookies, access tokens, personal data, customer content, or full logs unless the user has approved that disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly instructs the agent to execute a shell script via `bash`, but the metadata does not declare any corresponding shell/exec permission. This creates a capability mismatch that can bypass review expectations and increases the risk of command execution being available without explicit authorization controls.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill states that the supervisor receives a dedicated session with the 'contexte complet' (full context) and that the response is relayed onward, but it provides no minimization, consent, or sensitive-data handling guidance. In an escalation workflow, this can cause unnecessary transmission of secrets, personal data, client content, tokens, or internal errors to another service or person, expanding exposure beyond the original interaction boundary.

VirusTotal

64/64 vendors flagged this skill as clean.