Fleet Embeddings

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for using a local Ollama fleet router, with broader but openly disclosed fleet features that users should treat carefully.

Install only if you are comfortable running ollama-herd as a local fleet service on port 11435. Treat embedding text, prompts, tags, audio, and optional image or transcription requests as data that may move through trusted fleet nodes and appear in local logs or dashboards; use non-sensitive tags and confirm before pulling models or enabling optional features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium (95% confidence)

Finding: The skill is marketed as embeddings-focused, but it also documents general chat completion, image generation, speech-to-text, model pulling, and monitoring endpoints. This scope expansion increases the attack surface and may cause an agent or user to invoke capabilities that exceed the stated purpose, violating least-privilege expectations.

Context-Inappropriate Capability

Medium (96% confidence)

Finding: Including image generation in an embeddings skill introduces unrelated capability that could be invoked unintentionally or abused through overly broad routing. Because the skill frames itself as a narrow utility, exposing media-generation endpoints creates unnecessary functionality and weakens user consent and safety assumptions.

Context-Inappropriate Capability

Medium (96% confidence)

Finding: Speech-to-text is unrelated to the declared embeddings purpose and broadens the skill beyond its stated operational scope. That mismatch can lead to unintended processing of sensitive audio data under a skill the user may only trust for text embeddings.

Context-Inappropriate Capability

Medium (97% confidence)

Finding: General LLM inference is a materially different capability from embeddings and can trigger much broader data handling and model behavior than users expect. Bundling it into this skill undermines the principle of least surprise and can enable overbroad invocation paths.

Vague Triggers

Low (81% confidence)

Finding: The invocation description is broad enough to match many common RAG, knowledge-base, and semantic-search requests without clear limits. Overbroad activation can cause the skill to be selected in contexts where its wider fleet APIs and side effects are not appropriate.

Missing User Warnings

Medium (93% confidence)

Finding: The skill encourages attaching metadata tags for analytics but does not warn that those tags may be stored in logs or exposed through dashboard monitoring endpoints. Users may place project names, customer identifiers, or other sensitive context into tags, creating avoidable data leakage risk.

VirusTotal

VirusTotal findings are pending for this skill version.