Shippage

Security checks across malware telemetry and agentic risk

Overview

This publishing skill does what it advertises, but it also includes a remote self-update path that can silently replace its own instructions and stores credentials locally.

Review before installing. Use it only for content you are comfortable sending to shippage.ai and potentially making public. The remote self-update behavior should be removed or disabled, and first-time credential storage should require clear user consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The skill includes a self-update mechanism that fetches instructions from a remote server and replaces the local SKILL.md file. This creates a supply-chain and remote-instruction injection risk: whoever controls the endpoint or path can change future agent behavior without local review, which is far beyond the stated purpose of publishing webpages.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill can overwrite its own installed instructions by downloading replacement content from a remote endpoint. That capability is not necessary for publishing HTML/Markdown and materially increases risk by allowing remote modification of agent behavior and persistence across sessions.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger phrases are broad enough to match common requests like sharing or previewing content, which can cause the skill to activate in situations where the user did not intend public publication. In context, this is dangerous because the skill uploads data externally and may auto-register credentials, so over-triggering increases the chance of accidental disclosure.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill description emphasizes convenience but does not clearly warn that content is uploaded to a public URL and that credentials may be auto-created and stored locally. This omission undermines informed consent and increases the risk of users unintentionally exposing sensitive or internal content.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The auto-update flow silently replaces the local skill file from the network without an upfront warning or approval step. Silent instruction replacement is especially risky in an agent skill because it can change future execution behavior persistently and invisibly.

VirusTotal

VirusTotal findings are pending for this skill version.