Parallel AI search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Parallel AI CLI integration, but it asks agents to run an unverified remote installer and grants broad curl access, so it should be reviewed before use.

Install only if you trust Parallel and are comfortable with its CLI installer. Prefer the pipx install path. If you must use the install script, download it to a file, read it, and verify it against a checksum or signature obtained out of band (if Parallel publishes one) before running it; never pipe it straight from curl into a shell. Use a dedicated Parallel API key for this skill and keep it out of chat transcripts and shell history, for example by loading it into an environment variable from a file with restrictive permissions rather than typing it on the command line. Before creating an ongoing monitor, confirm both its cadence and its webhook destination, because everything the monitor extracts will be delivered to that endpoint for as long as it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to install missing software by piping a remotely fetched script directly into a shell. That behavior exceeds the core search/research purpose and creates a supply-chain and arbitrary code execution risk if the remote endpoint, network path, or script contents are compromised. In an agent context, this is more dangerous because the installation step may be performed automatically rather than with informed user review.

Context-Inappropriate Capability

Severity: Low
Confidence: 86%
Finding
The skill grants generic `curl:*` access even though its declared workflow is centered on `parallel-cli`. Unnecessary network-capable tooling broadens the attack surface and could be abused to fetch arbitrary payloads, exfiltrate data, or bypass intended CLI-only constraints. In this skill, that extra capability directly supports the remote install path, making the overbroad permission more concerning.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The installation instructions tell the agent to execute a remote shell script without any warning, verification, or approval gate. This is dangerous because it normalizes arbitrary code execution from the network and can lead to full host compromise if the script is malicious or altered in transit or at source. In an autonomous skill, the lack of an explicit warning materially increases risk.
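The verification step recommended in the overview and missing from the skill's install instructions, as an added example (this is not the skill's own code or Parallel's installer): fetch the script to a file, compare its SHA-256 with a value obtained out of band, and execute it only on a match. The installer URL, the expected hash, and the `safe_install` / `verify_installer` names are placeholders introduced here.

```shell
#!/bin/sh
# Added example: replace "curl ... | sh" with download, pin, verify, then run.
# The URL and hash passed to safe_install are placeholders, not real Parallel values.
set -eu

# sha256_of FILE: hex digest, portable across GNU (sha256sum) and BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256: returns 0 only if the digest matches.
# On mismatch it reports both values on stderr and returns 1; nothing is executed.
verify_installer() {
    file=$1; expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'hash mismatch for %s\n  expected %s\n  got      %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# safe_install URL EXPECTED_SHA256: fetch to a temp file, verify, then run.
# The download is never piped into a shell, so a tampered or swapped script
# (at the source, at a CDN, or on the network path) is rejected before it runs.
safe_install() {
    url=$1; expected=$2
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT
    # --proto '=https' and --tlsv1.2 refuse plaintext or downgraded fetches;
    # -f makes curl fail on HTTP error pages instead of saving them as the "script".
    curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$url"
    verify_installer "$tmp" "$expected" || return 1
    # Digest matches the value you reviewed: only now is the script executed.
    sh "$tmp"
}

# Usage (placeholder values; take the real hash from the vendor, not from the
# same server that serves the script):
#   safe_install https://example.invalid/install.sh <sha256-from-vendor>
```

The hash must come from a channel independent of the download (release notes, a signed manifest, a value you recorded after reading the script yourself); a checksum published next to the script on the same host only proves the two files were served together.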

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The skill instructs use of API keys and login flows without warning about credential sensitivity, storage, redaction, or avoiding echoing secrets into logs and chat history. In agent environments, careless handling of credentials can leak secrets through transcripts, shell history, process listings, or saved files. The skill context makes this more dangerous because authentication is a prerequisite to its web capabilities and may be performed interactively or via environment variables.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The webhook feature enables external delivery of monitored web events but does not warn about sending potentially sensitive or user-derived data to third-party endpoints. This can create privacy, compliance, and data-exfiltration risks, especially if monitor objectives include confidential URLs, search terms, or extracted content. The feature is more dangerous in this context because the skill is designed to gather and forward web-derived information over time.
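One way to enforce the "confirm the webhook destination" advice from the overview before a monitor is created, as an added example (not part of the skill or of parallel-cli): accept only https:// URLs whose host is on an explicit allowlist, and reject URLs that smuggle a different destination through userinfo or a look-alike subdomain. The allowlist hosts and the `check_webhook_url` name are placeholders introduced here.

```shell
#!/bin/sh
# Added example: gate webhook destinations before handing them to a monitor.
# Placeholder allowlist; replace with the endpoints you actually operate.
WEBHOOK_ALLOWLIST="hooks.example.com alerts.internal.example.com"

# check_webhook_url URL: 0 if the URL is https and its host is allowlisted,
# 1 otherwise (reason on stderr). Rejects userinfo ("user@host") forms, which
# make https://hooks.example.com@attacker.example.net/ look like a trusted host.
check_webhook_url() {
    url=$1
    case "$url" in
        https://*) ;;
        *) printf 'rejected %s: only https:// webhooks are allowed\n' "$url" >&2; return 1 ;;
    esac
    rest=${url#https://}
    # authority = everything up to the first "/", "?" or "#"
    authority=${rest%%[/?#]*}
    case "$authority" in
        *@*) printf 'rejected %s: userinfo in URL\n' "$url" >&2; return 1 ;;
    esac
    host=${authority%%:*}                      # drop an explicit port
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')  # hostnames are case-insensitive
    for allowed in $WEBHOOK_ALLOWLIST; do
        [ "$host" = "$allowed" ] && return 0
    done
    printf 'rejected %s: host "%s" is not in the allowlist\n' "$url" "$host" >&2
    return 1
}

# Usage: check_webhook_url "$WEBHOOK" || exit 1   (before creating the monitor)
```

Exact host matching is deliberate: a suffix match would admit `hooks.example.com.attacker.example.net`, and any wildcard rule should be written out explicitly rather than inferred.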

VirusTotal

65/65 vendors flagged this skill as clean.
