Frost Sentinel Lite

Security checks across malware telemetry and agentic risk

Overview

This weather-alert skill is mostly purpose-aligned, but its privacy wording conflicts with sending location-derived data to Open-Meteo and using notification bridges.

Review before installing if location privacy matters. Only install if you are comfortable storing your ZIP/postcode or coordinates locally, sending location-derived forecast queries to Open-Meteo, and routing alerts through a local bridge that may forward messages through WhatsApp or Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The documentation makes a strong privacy/security claim that the agent operates entirely locally and never sends data to third-party servers, yet elsewhere says it geocodes user location and queries the Open-Meteo API. This is a deceptive or inaccurate disclosure that can cause users to share location data under false assumptions, undermining informed consent and trust.

Vague Triggers

Medium
Confidence: 84%
Finding
The guide describes automatic prompting and automated forecast/alert behavior without clearly defining trigger conditions, enrollment state, recurrence controls, or whether the user must opt in. Ambiguous autonomous activation can lead to unexpected network calls and unsolicited notifications, especially in an agent environment with notify and web_fetch permissions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill collects a ZIP/postcode, converts it to GPS coordinates, saves it locally, and sends automated messages, but the guide does not provide a clear privacy warning or explain data retention and external recipients. Location data is sensitive, and combining it with messaging behavior increases privacy risk if users are not clearly informed beforehand.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill defines both startup behavior and a daily cron job, but it does not clearly constrain when initialization runs, whether user prompting can recur, or how often location checks happen. Ambiguous trigger conditions can cause unexpected execution, repeated prompts, or unintended network access and notification behavior, which is a real security and privacy design weakness in an agent with local read/write and web access.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill persistently stores a user's ZIP/postcode in settings.json without any disclosure of retention, purpose, or access controls. Location data is sensitive personal information, and silently storing it on disk increases privacy risk, especially in environments where other local tools or users may access the file.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill sends location-derived coordinates to an external weather API without explicitly warning the user that their geographic data will leave the local environment. Even if the destination is legitimate, undisclosed third-party transmission of location data is a real privacy issue and can violate user expectations or policy requirements.

VirusTotal

66/66 vendors flagged this skill as clean.
