Offload Tasks to LM Studio Models

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it lets an agent hand tasks off to a configured LM Studio server. What remains for the user to manage is local privacy and logging.

Install this if you run and trust LM Studio. Before using it with private documents, confirm that the configured API URL points at localhost (or another endpoint you trust), and be careful with --stateful and --log: the former can retain task context locally, and the latter writes full prompt and response data to a local file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The README says the skill is automatically triggered for broad categories like summarization, extraction, brainstorming, and first-pass code review, which creates a wide and ambiguous activation scope. In an agentic system, this can cause the skill to be invoked on sensitive or inappropriate tasks, increasing the chance that private user content is sent to the local LM Studio server without clear user intent or review.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README emphasizes local processing and privacy benefits but does not clearly warn that task contents are transmitted over a REST interface to an LM Studio server, typically via plain HTTP on 127.0.0.1:1234. Even when the server is bound to localhost, the data still crosses a process boundary on the machine, and if the server is rebound to a non-loopback interface, or the skill's API URL is pointed at a proxy or remote host, sensitive prompts or documents could be disclosed unexpectedly.
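Both the install advice in the overview (confirm the API URL is localhost or another trusted endpoint) and this finding reduce to one question: where does the configured URL actually send the data? The following added example is not part of the skill or of LM Studio. It assumes the skill is given a base URL such as LM Studio's default http://127.0.0.1:1234 and, optionally, a user-maintained allow-list of off-box hosts; the function name `classify_endpoint` and the allow-list parameter are assumptions for the example. Hostnames other than "localhost" are deliberately not resolved, so a name that merely happens to resolve to 127.0.0.1 today is not trusted on the name alone.

```python
"""Pre-flight check for the LM Studio API URL a skill will send private data to.

Added example, not the skill's or LM Studio's code. A URL passes only if it
points at a loopback address (LM Studio's default is http://127.0.0.1:1234) or
at a host the user has explicitly allow-listed and reaches over HTTPS.
"""
import ipaddress
from urllib.parse import urlsplit

LM_STUDIO_DEFAULT_URL = "http://127.0.0.1:1234"  # LM Studio's documented default


def classify_endpoint(url: str, trusted_hosts: frozenset = frozenset()) -> tuple:
    """Return (ok, reason) for a candidate LM Studio base URL.

    trusted_hosts (assumed parameter): exact hostnames or IP literals the user
    has chosen to trust off-box. Even these are accepted only over HTTPS,
    because plain HTTP to a non-loopback address puts prompts on the wire in
    the clear.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False, f"unsupported or missing scheme {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        return False, "URL has no host"

    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a DNS name, not an IP literal

    # Case 1: loopback, the only destination that stays on this machine.
    if host == "localhost" or (addr is not None and addr.is_loopback):
        return True, f"loopback endpoint {host}"

    # Case 2: 0.0.0.0 / :: is a listen-side wildcard. As a client target it
    # hides what will actually be reached, so insist on an explicit 127.0.0.1.
    if addr is not None and addr.is_unspecified:
        return False, "unspecified address; use 127.0.0.1 explicitly"

    # Case 3: anything else leaves the box and needs an allow-list entry AND TLS.
    if host not in trusted_hosts:
        return False, f"{host} is not loopback and not allow-listed"
    if parts.scheme != "https":
        return False, f"{host} is allow-listed but reached over plain HTTP"
    return True, f"allow-listed remote endpoint {host} over HTTPS"


if __name__ == "__main__":
    for candidate in (LM_STUDIO_DEFAULT_URL, "http://0.0.0.0:1234",
                      "http://192.168.1.20:1234", "https://llm.lab.example:1234"):
        ok, why = classify_endpoint(candidate, frozenset({"llm.lab.example"}))
        print(f"{'OK  ' if ok else 'STOP'} {candidate}: {why}")
```

Run this against the skill's configured URL before the first call that carries private material; a "STOP" on the loopback default means the configuration has been changed from what the README describes.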

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
When the optional --log flag is used, the script appends the full request payload and full API response to a file, which can include prompts, sensitive source material, private model output, and metadata. In this skill's context, the tool is explicitly meant for privacy-sensitive and local-only workflows, so silent plaintext logging materially increases the risk of accidental data disclosure through shared directories, backups, or later inspection by other local users/processes.
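The finding above describes a --log that appends the complete request and response to a file. The added example below is not the skill's own code: it shows that pattern next to a metadata-only alternative that keeps what is useful for debugging (message count, roles, sizes, token usage, a truncated hash for correlating lines) while never writing prompt or completion text, and that creates the log file owner-read/write only. The request and response shapes follow the OpenAI-compatible chat-completions format that LM Studio serves; the sample exchange is constructed for the example, and the function names are assumptions.

```python
"""Metadata-only logging as a replacement for dumping full payloads.

Added example, not the skill's or LM Studio's code. The request/response
dictionaries use the OpenAI-compatible chat-completions shape; the sample
exchange below is constructed for this example.
"""
import hashlib
import json
import os
import tempfile
import time


def append_full_payload_unsafe(path: str, request: dict, response: dict) -> None:
    """BEFORE (the pattern the finding describes): whole prompt and whole
    completion appended to a plaintext file with default permissions."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps({"request": request, "response": response}) + "\n")


def _short_digest(text: str) -> str:
    """Truncated SHA-256 so log lines can be correlated without storing text."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


def redacted_entry(request: dict, response: dict, endpoint: str) -> dict:
    """AFTER: keep shape, sizes, hashes and token usage; drop every content field."""
    messages = request.get("messages", [])
    prompt_text = "\n".join(
        m.get("content", "") for m in messages if isinstance(m.get("content"), str)
    )
    choices = response.get("choices", [])
    completion = "".join(((c.get("message") or {}).get("content") or "") for c in choices)
    return {
        "ts": int(time.time()),
        "endpoint": endpoint,
        "model": request.get("model"),
        "n_messages": len(messages),
        "roles": [m.get("role") for m in messages],
        "prompt_chars": len(prompt_text),
        "prompt_sha256_16": _short_digest(prompt_text),
        "completion_chars": len(completion),
        "finish_reasons": [c.get("finish_reason") for c in choices],
        "usage": response.get("usage"),  # token counts only, no text
    }


def append_redacted(path: str, entry: dict) -> None:
    """Append one JSON line; the file is created owner-read/write only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")


# Constructed sample exchange (not captured from a real session).
SAMPLE_REQUEST = {
    "model": "local-model",
    "messages": [
        {"role": "system", "content": "Summarize the document."},
        {"role": "user", "content": "CONFIDENTIAL: ACME Q3 revenue missed plan by 12%."},
    ],
}
SAMPLE_RESPONSE = {
    "choices": [{"message": {"role": "assistant", "content": "ACME missed its Q3 plan."},
                 "finish_reason": "stop"}],
    "usage": {"prompt_tokens": 31, "completion_tokens": 9, "total_tokens": 40},
}


def demo() -> dict:
    """Write one redacted line to a fresh temp file and report what reached disk."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "lmstudio-skill.log")
    try:
        entry = redacted_entry(SAMPLE_REQUEST, SAMPLE_RESPONSE, "http://127.0.0.1:1234")
        append_redacted(path, entry)
        with open(path, encoding="utf-8") as fh:
            on_disk = fh.read()
        mode_ok = os.name != "posix" or (os.stat(path).st_mode & 0o777) == 0o600
        return {"entry": entry, "on_disk": on_disk, "mode_ok": mode_ok}
    finally:
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print(demo()["on_disk"])
```

If full payloads are genuinely needed for debugging, the safer shape is an explicit, separately named flag that warns on use and writes with the same 0600 mode, rather than folding content capture into a general-purpose --log.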

VirusTotal

65/65 vendors flagged this skill as clean.
