Flowise

Security checks across malware telemetry and agentic risk

Overview

This Flowise skill is a coherent API helper, but it can send prompts, files, API keys, and action-style script/device parameters to a configured Flowise server without clear safety gates.

Install only if you trust the Flowise server and every configured flow. Review TOOLS.md flow mappings carefully, require explicit user approval before uploads or script/device actions, and keep API keys in protected secret storage rather than chat or shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability
Severity: Medium
Confidence: 95%
Finding: The documented `form` example includes a `script` field and a `device` target, indicating the skill can drive downstream flows that perform script/device actions rather than simple messaging. That materially expands the operational scope from chat/workflow interaction into potential remote action execution, which could be abused if a dangerous flow is selected or user input is passed through unchecked.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The skill instructs sending user prompts to Flowise over REST but does not warn that user content will leave the agent environment and be processed by another service. This can lead to unintentional disclosure of sensitive prompts, conversation history, session identifiers, or override parameters to a server the user may not fully trust.

Missing User Warnings
Severity: High
Confidence: 98%
Finding: The file upload example sends local documents to the Flowise server without any warning about data transfer, sensitivity, retention, or server trust boundaries. This is especially dangerous because users may assume local analysis while the example actually transmits document contents externally, enabling accidental exfiltration of confidential files.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The workflow tells the operator to collect and use an API key but does not provide guidance on secure handling, storage, redaction, or avoidance of echoing secrets into logs and chat transcripts. This increases the risk of credential leakage through configuration files, shell history, or user-visible outputs.
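The approval gate and key handling that the Overview recommends and that the four findings above call for (uploads and script/device actions approved explicitly, prompts and files not leaving the host silently, the API key kept out of chat and logs), written as an added example for this report; it is not code from the Flowise skill or from the Flowise project. It assumes the Flowise prediction endpoint shape (POST /api/v1/prediction/<chatflowId> with a bearer token, and optional uploads and overrideConfig fields in the JSON body) as given in Flowise's public REST docs; the ACTION_FIELDS entries beyond script and device, the approve callback, the injected transport stub, the FLOWISE_API_KEY variable name, and the sample hostname, chatflow id and form values are all assumptions constructed for the example.

```python
"""Approval gate and API-key hygiene for outbound Flowise prediction calls.
Added example for this report, not code from the Flowise skill or project.
Assumed: endpoint shape per Flowise's public REST docs; ACTION_FIELDS beyond
script/device, the approve callback, transport stub, env variable name and all
sample values are constructed here."""
import base64
import json
import os
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Iterator, List, Optional

# "script" and "device" come from the skill's own form example; "command" and
# "target" are assumed additions a skill author would tune per flow.
ACTION_FIELDS = {"script", "device", "command", "target"}


@dataclass
class FlowiseRequest:
    base_url: str
    chatflow_id: str
    question: str
    uploads: List[Dict[str, Any]] = field(default_factory=list)
    override_config: Dict[str, Any] = field(default_factory=dict)

    def url(self) -> str:
        # Assumed Flowise prediction endpoint: POST /api/v1/prediction/<chatflowId>
        return f"{self.base_url.rstrip('/')}/api/v1/prediction/{self.chatflow_id}"

    def body(self) -> Dict[str, Any]:
        body: Dict[str, Any] = {"question": self.question}
        if self.uploads:
            body["uploads"] = self.uploads
        if self.override_config:
            body["overrideConfig"] = self.override_config
        return body


def upload_from_bytes(name: str, mime: str, data: bytes) -> Dict[str, Any]:
    """One 'uploads' entry as a base64 data URI: the step that moves file
    contents off the host, so exactly what the gate must catch."""
    b64 = base64.b64encode(data).decode("ascii")
    return {"data": f"data:{mime};base64,{b64}", "type": "file", "name": name, "mime": mime}


def _walk_keys(obj: Any) -> Iterator[str]:
    """Every dict key at any depth, so nested form blocks are inspected too."""
    items = obj.items() if isinstance(obj, dict) else enumerate(obj) if isinstance(obj, list) else ()
    for k, v in items:
        if isinstance(k, str):
            yield k
        yield from _walk_keys(v)


def classify(req: FlowiseRequest) -> List[str]:
    """Reasons this request needs explicit user approval (empty list = none)."""
    reasons: List[str] = []
    if req.uploads:
        names = ", ".join(u.get("name", "?") for u in req.uploads)
        reasons.append(f"uploads local file contents to {req.base_url}: {names}")
    hits = sorted({k for k in _walk_keys(req.override_config) if k in ACTION_FIELDS})
    if hits:
        reasons.append("overrideConfig carries action-style fields: " + ", ".join(hits))
    return reasons


def load_api_key(env_var: str = "FLOWISE_API_KEY") -> str:
    """Take the key from the environment or a secret manager, never from chat."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to ask for it in chat")
    return key


def redact(text: str, secrets: List[str]) -> str:
    """Scrub secrets before a line can reach a log file or a transcript."""
    for s in secrets:
        if s:
            text = text.replace(s, "[REDACTED]")
    return text


def send(req: FlowiseRequest, api_key: str, approve: Callable[[List[str]], bool],
         transport: Callable[[str, Dict[str, str], Dict[str, Any]], Any],
         log: Callable[[str], None] = print) -> Optional[Any]:
    """Gate, log with the key scrubbed, then hand off to the injected transport
    (e.g. a requests.post wrapper); the stub keeps this example offline."""
    reasons = classify(req)
    if reasons and not approve(reasons):
        log(f"DENIED {req.url()}: " + "; ".join(reasons))
        return None
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    log(redact(f"POST {req.url()} headers={headers} body={json.dumps(req.body())[:120]}", [api_key]))
    return transport(req.url(), headers, req.body())


if __name__ == "__main__":
    # Constructed sample: a flow whose form takes a script and a device target.
    os.environ.setdefault("FLOWISE_API_KEY", "example-key-not-real")
    req = FlowiseRequest("https://flowise.example.internal", "chatflow-id-placeholder", "restart the spooler",
                         override_config={"form": {"script": "restart.sh", "device": "printer-01"}})

    def ask_user(reasons: List[str]) -> bool:  # stand-in for the skill's real yes/no prompt
        print("Approval required before sending:", *reasons, sep="\n  ")
        return False

    send(req, load_api_key(), ask_user, lambda url, headers, body: {"text": "(stub)"})
```

Plug a real transport (a requests.post wrapper) in place of the stub; the gate runs before any bytes leave the host, and every log line passes through redact, so the key never reaches a transcript even when the full request is logged. A plain question with no uploads and no action-style override fields passes without a prompt, which keeps the gate from becoming approval fatigue.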

VirusTotal

66/66 vendors flagged this skill as clean.
