ClawHub

SpaceRouter

Security checks across malware telemetry and agentic risk

Overview

SpaceRouter is a clearly disclosed proxy-routing skill, but users should treat it as a third-party network path for only intentional, non-sensitive requests.

Install this only if you intentionally want selected traffic routed through Space Router. Keep SPACE_ROUTER_PROXY_URL secret, prefer per-command proxy options like curl -x over session-wide HTTP_PROXY/HTTPS_PROXY, avoid internal or sensitive destinations, unset proxy variables after use, and verify the SDK or CLI package provenance before installing optional packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill actively encourages routing arbitrary HTTP traffic through a residential proxy to bypass IP-based blocking, but it omits warnings about privacy, terms-of-service, consent, and data-handling risks. In this context, the omission matters because the skill is specifically designed to mediate outbound traffic and could be used for scraping, access circumvention, or sending sensitive requests through a third-party network without informed user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to store a full proxy URL containing live API credentials in an environment variable, but do not warn that such values can leak via shell history, process listings, debug logs, crash reports, CI output, or inherited subprocess environments. Because the credential is embedded in the URL, accidental disclosure immediately grants proxy access and may expose account usage or billing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions recommend exporting HTTP_PROXY and HTTPS_PROXY globally for the shell session without warning that every proxy-aware client in that session may silently begin sending traffic through the residential proxy. This is more dangerous in context because it can inadvertently reroute unrelated tools, authenticated API calls, package managers, or internal service requests through a third-party proxy, causing credential exposure, privacy violations, and operational breakage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal