Dogfood

Security checks across malware telemetry and agentic risk

Overview

This is a useful web-app testing skill, but it can actively change authenticated apps, and it stores session and evidence files without enough explicit user control.

Install only if you are comfortable giving the agent active browser-testing authority on sites you own or are authorized to test. Use staging or test accounts where possible, set a narrow scope, explicitly forbid destructive or public-facing changes unless intended, and treat auth-state.json, screenshots, videos, console logs, and reports as sensitive files to protect or delete after the run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The skill description includes very broad trigger phrases such as 'find issues', 'test this app/site/platform', and 'review the quality of a web application', which can overlap with ordinary user requests and cause the skill to activate unexpectedly. Because this skill has browser-driving and shell tool access, unintended invocation could lead to unnecessary navigation, data capture, or interaction with sensitive applications the user did not mean to dogfood formally.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly saves authenticated browser state to `auth-state.json` and instructs collection of screenshots and videos throughout testing, but it does not require warning the user that these artifacts may contain session tokens, personal data, internal pages, or secrets displayed in the UI. In a QA context this is especially risky because testing often occurs against real accounts or staging systems with sensitive business data, so stored evidence can become a durable privacy and credential exposure artifact.

VirusTotal

64/64 vendors flagged this skill as clean.
