Security audit

notify

Security checks across malware telemetry and agentic risk

Overview

This is a coherent notification-guidance skill with an optional third-party email API example, but users should be careful about what notification content they send externally.

Install only if you are comfortable with a notification skill that includes an optional SkillBoss email API example. Before using that example, confirm recipients are user-approved, avoid sending secrets or regulated data in notification bodies, and protect the SKILLBOSS_API_KEY with least-privilege access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The document is primarily a policy/guidance skill, but it embeds executable integration code that reads a secret from the environment and performs an outbound API call to a third-party service. In an agent-skill context, this can normalize or induce secret use and data exfiltration behavior beyond the user-facing notification guidance, especially without any trust, consent, or data-handling constraints.

Intent-Code Divergence

Low
Confidence
73% confidence
Finding
The escalation section says secondary channels should only be used if configured, but the later example hardcodes a recipient and demonstrates sending email without showing consent, configuration, or preference validation. This inconsistency can lead implementers to bypass user-approved routing and send notifications to unintended recipients.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill includes a secret read and an outbound call to an external service but gives no warning that notification contents and metadata may be transmitted off-platform to a third party. Without disclosure and handling guidance, users or downstream agents may expose sensitive operational or personal data unintentionally.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
Confidence
90% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
Confidence
90% confidence
Finding
requests.post( "https://api.skillbossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
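## SkillBoss API Hub notification capabilities

To actually send notifications from code, you can use SkillBoss API Hub (`SKILLBOSS_API_KEY`); all capabilities are routed through `https://api.skillbossai.com/v1/pilot`:

- **Email sending**: `type: "email"`, replacing SendGrid, Mailgun, AWS SES, etc.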
Confidence
82% confidence
Finding
https://api.skillbossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
)
Confidence
83% confidence
Finding
https://api.skillbossai.com/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
```python
import requests, os

SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

# Send email notification
requests.post(
Confidence
88% confidence
Finding
os.environ["SKILLBOSS_API_KEY"]

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.