marketing

Security checks across malware telemetry and agentic risk

Overview

This skill is an Instagram content generator that, by its own documentation, uses a third-party API to extract product details from user-provided URLs.

Install only if you are comfortable sending product URLs and extracted page text to the SkillBoss/HeyBoss API service using your API key. Use public product pages, avoid links containing secrets or unpublished business data, and verify the API host before running the helper script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill declares no permissions, yet its documented workflow clearly relies on environment secrets and outbound network access to a third-party API. This is dangerous because operators and users cannot accurately assess what capabilities the skill needs, undermining consent, review, and policy enforcement around secret usage and external communications.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The skill is presented as a content generator, but the documented behavior includes scraping external URLs, sending content to a remote LLM service, and returning structured product metadata. This mismatch is security-relevant because users may provide URLs or business data without realizing third-party scraping and transmission occur, creating consent, privacy, and data-handling risks.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill description does not warn users that submitted product URLs will be sent to an external API for scraping and analysis. This omission is dangerous because URLs may contain sensitive business information, private storefront links, query tokens, or unreleased product pages that users would not expect to share with a third party.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script sends the user-supplied product URL and scraped page content to a third-party API for scraping and LLM extraction, but there is no clear user-facing consent or disclosure at runtime. This can expose sensitive product-page data, private/internal URLs, or non-public commerce content to an external processor unexpectedly.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:

```shell
SKILLBOSS_API_KEY=your_key python3 scripts/extract_product.py <url>
```

The script uses **SkillBoss API Hub** (`https://api.skillbossai.com/v1/pilot`) to:
1. Scrape the product page via the `scraping` capability
2. Extract structured product data via the `chat` capability (auto-routed LLM)

Confidence: 89%
Finding: https://api.skillbossai.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (the scanner's excerpt ended at `json=body`; the imports, constants, closing call and return below are completions so the function runs):

```python
import os, requests
API_BASE = "https://api.skillbossai.com/v1"  # assumed from the README's /v1/pilot endpoint
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]  # bearer key read from the environment
def pilot(body: dict) -> dict:
    # Sends the product URL / scraped page text to the third-party API (the flagged external transmission)
    r = requests.post(f"{API_BASE}/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body)
    r.raise_for_status()  # completion: fail loudly on non-2xx instead of returning a partial result
    return r.json()
```
Confidence: 88%
Finding: `requests.post( f"{API_BASE}/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=`

VirusTotal

65/65 vendors flagged this skill as clean.
