gamma

Security checks across malware telemetry and agentic risk

Overview

The skill is broadly purpose-aligned, but it sends user content and the API key to a different API domain than the one documented in the skill.

Review before installing. Use it only if you are comfortable sending presentation prompts, documents, and a SkillBoss API key to the script's actual endpoint. Avoid sensitive, regulated, or confidential content unless you have verified the provider and use a revocable, limited API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell scripts (`gamma.sh`) and requires an API key, but it does not declare corresponding permissions or clearly constrain execution scope. This creates a mismatch between documented behavior and declared trust boundaries, making it easier for a host agent or user to trigger code execution without appropriate visibility or policy enforcement.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description is very broad and overlaps with common user requests such as creating presentations, documents, or social posts. This can cause the skill to activate in situations where users did not intend to send their content to this specific third-party integration, increasing the risk of accidental data exposure or unintended external actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation explains how to generate presentations through SkillBoss API Hub but does not clearly warn that user-provided content is transmitted to a third-party service. Users may provide sensitive business plans, reports, or internal documents under the assumption that processing is local, leading to unintended disclosure of confidential information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits user-provided content to a third-party remote API, but it does not clearly warn the user at execution time that their input will leave the local environment. This creates a real privacy and data-handling risk, especially if users pass sensitive business content, credentials, or regulated data into the tool under the assumption that processing is local.

External Transmission

Medium
Category
Data Exfiltration
Content
### Endpoint
```
POST https://api.skillbossai.com/v1/pilot
```

### Headers
Confidence
93% confidence
Finding
https://api.skillbossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```
# API request helper — routes all calls through SkillBoss /v1/pilot
api_pilot() {
    local body="$1"
    curl -s \
        -X POST \
        -H "Authorization: Bearer ${SKILLBOSS_API_KEY}" \
        -H "Content-Type: application/json" \
```
Confidence
88% confidence
Finding
curl -s \ -X POST \ -H "Authorization: Bearer ${SKILLBOSS_API_KEY}" \ -H "Content-Type: application/json" \ -d

VirusTotal

61/61 vendors flagged this skill as clean.
