Back to skill

Security audit

ClawInsight

Security checks across malware telemetry and agentic risk

Overview

ClawInsight is a disclosed survey-integration skill, but it pushes agents to guess and bulk-submit user-attributed personal answers with weak review friction.

Review before installing. Only use this skill if you are comfortable with profile details and reviewed survey answers being sent to ClawInsight, and do not approve guessed or quoted answers without checking them carefully. Store the API key in a secure secret store rather than a plain local file, and use the dashboard or account-deletion flow if you stop using the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation describes repeated network interactions with an external service, but the skill has no declared permissions to make those capabilities explicit. Hidden or undeclared network capability weakens platform transparency and consent because users and reviewers cannot accurately assess what data leaves the agent environment. In this skill, the missing declaration matters because registration, task retrieval, answer submission, earnings checks, and account actions all rely on outbound requests carrying user data or API credentials.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill claims every answer is user-reviewed and approved, but it instructs the agent to generate answers for all questions, including guesses when uncertain. This creates a strong risk of fabricated personal data being presented in bulk for quick approval, which can result in false statements about the user being transmitted externally under the appearance of consent. The context makes this worse because the skill monetizes survey responses and optimizes for one-message approval.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation contains contradictory instructions: one section says uncertain answers should be skipped, while another mandates answering every question even if unsure. Contradictions in data-sharing logic are dangerous because the more permissive instruction tends to win in practice, leading the agent to submit speculative personal data despite earlier privacy assurances. In a survey skill, this can produce inaccurate profiling and deceptive downstream data sharing.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The module claims that all data submissions require explicit user approval, but the implementation does not enforce any approval gate before sending registration data, profile data during task claims, or survey responses. In an agent setting, this mismatch can cause personal data or user-generated content to be transmitted automatically based on caller behavior, undermining informed consent and creating privacy and compliance risk.

Ssd 3

Medium
Confidence
88% confidence
Finding
The skill authorizes drafting from the current conversation and prior chat history, creating a pathway for personal details disclosed in natural conversation to be repurposed into externally shared survey answers. Even with an approval step, broad reuse of chat history increases the chance of contextual leakage, especially when users are nudged to approve batched answers quickly rather than inspect each one carefully.

Ssd 4

Medium
Confidence
93% confidence
Finding
The workflow is designed to maximize convenience by drafting all answers at once, encouraging the user to reply 'OK' to submit everything, including guessed answers. This reduces meaningful review and creates dark-pattern-like consent, where the user may approve inaccurate or overly revealing content without noticing. Because the data is sent to an external research platform, weak review UX directly raises privacy and integrity risk.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill explicitly encourages quoting user statements in survey responses, which can semantically leak conversation content to an external party even if raw transcripts are not sent. Quotes often preserve unique phrasing, preferences, or contextual details that can reveal more than the stated data boundary intends, undermining anonymization claims.

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.