ClawHub

Rental Management

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Taiwan rental-management guide, but it tells users to collect and retain highly sensitive tenant identity and financial records without privacy, consent, storage, or deletion safeguards.

Review carefully before installing or using. If used, treat it as a checklist draft only: verify Taiwan rental and privacy-law requirements, collect the minimum tenant data needed, avoid tenant-with-ID photos unless legally required, get clear consent/notice, store records securely with limited access, and define deletion dates for all identity, salary, credit, and guarantor documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The SOP recommends taking and retaining a photo of the tenant together with their ID card, which creates an unnecessary concentration of highly sensitive personal data and identity-verification material. In a rental-management context this increases privacy, identity theft, and misuse risk, especially because the document provides no minimization, retention, consent, or storage-security controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The SOP instructs collecting sensitive documents such as ID copies, employment proof, salary records, credit reports, and guarantor financial data, but gives no guidance on lawful basis, consent, minimization, storage security, retention period, or disposal. That omission makes overcollection and mishandling likely, exposing tenants and guarantors to privacy harm, fraud, and regulatory issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guidance to conduct recurring inspections and to photograph the tenant with their ID encourages intrusive monitoring and sensitive-record creation without any warning about consent, notice, proportionality, or privacy limits. In landlord-tenant relationships, this can normalize abusive surveillance practices and create evidence stores that are highly damaging if misused or leaked.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal