Clawhub Oneshot

Security checks across malware telemetry and agentic risk

Overview

This skill openly enables agents to spend money and contact people, but it lacks clear approval and spending boundaries.

Install only if you intend to give an agent payment-enabled real-world action tools. Use test mode first, prefer a dedicated low-balance CDP wallet over a raw private key, pin and review the npm/MCP packages, restrict which clients can access the MCP server, and require explicit approval for every purchase, outbound message, call, website build/update, data-enrichment request, and production payment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
Finding
The skill’s invocation guidance is very broad, explicitly encouraging use for many generic real-world actions such as email, voice, SMS, research, and commerce. In an agent ecosystem, this increases the chance the skill is selected for sensitive or high-impact external actions without sufficient user confirmation, policy gating, or task scoping.

Missing User Warnings

High (96% confidence)
Finding
The skill exposes powerful external-action capabilities—email, SMS, voice calls, research, data enrichment, and commerce—without prominent warnings about privacy, consent, financial cost, data sharing, or irreversible side effects. Because this skill can initiate communications, process personal data, and spend funds, missing safety disclosures and guardrails materially increase the risk of unauthorized outreach, privacy violations, and unintended purchases.

VirusTotal

64/64 vendors flagged this skill as clean.
