Pilot Feedback Collector Setup

Security checks across malware telemetry and agentic risk

Overview

This setup skill does what it says, but users should redact customer feedback before routing it to Slack or webhooks.

Before installing, inspect the dependent skills separately, use only trusted `pilotctl` and `clawhub` binaries, verify all handshake targets and webhook/Slack destinations, and avoid sending raw customer identifiers, ticket URLs, or unredacted feedback text to shared or external channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README explicitly routes customer feedback to Slack and webhooks, which are external destinations, but provides no guidance on data minimization, redaction, consent, or handling of potentially sensitive content. In a feedback pipeline, free-form submissions can easily contain PII, account details, support context, or other sensitive business/customer data, so normalizing and forwarding it externally without safeguards creates a realistic privacy and data-leak risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example commands publish records containing a customer identifier, raw complaint text, and a support ticket URL, demonstrating a workflow that propagates identifiable customer feedback across agents and into alerting channels without any warning or sanitization step. Example payloads in setup docs strongly influence operator behavior, so this can normalize unsafe handling of production customer data and increase the chance of disclosure to broad Slack channels or external webhook receivers.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly configures routing customer feedback to Slack channels and external webhooks, but provides no warning that feedback data may contain personal data, support content, or sensitive business information. In this context, the omission is security-relevant because the router role is designed to transmit analyzed feedback outside the local agent environment, increasing the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The workflow example publishes raw feedback containing a customer identifier and free-form text, demonstrating transmission of potentially sensitive data without any guidance on anonymization, minimization, or consent. Example commands in setup skills are often copied directly, so this normalizes unsafe handling of customer data and can lead to privacy leaks across agents or downstream integrations.

VirusTotal

No VirusTotal findings
