Aiprox Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is openly a front end to an AI-agent orchestration service, but it grants broad authority over paid operations, third-party agents, email, and persistent workflows without adequate user-control boundaries.

Install only if you trust AIProx with the prompts and data you submit, and use a limited spend token or low budget. Avoid giving it sensitive personal, business, or credential data unless you intend that data to be sent to the service and possibly routed to third-party agents. Require explicit user confirmation before email sending, workflow creation, or any task that could spend funds or affect external systems.
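The confirmation and spend-limit advice above can be enforced on the host side rather than left to the skill. The following is an added example, not code from this page or from the AIProx project: a policy gate that sits between the skill's tool requests and the host's executor, denies side-effecting actions (email, workflow creation, delegation, anything with a cost) unless the user explicitly confirms that exact call, and caps total spend per session. The tool names, the `estimated_cost_usd` argument and the confirm callback are assumptions made up for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Hypothetical names for the side-effecting tools the page warns about.
HIGH_RISK_TOOLS = {"send_email", "create_workflow", "run_workflow", "delegate_to_agent"}


@dataclass
class Decision:
    tool: str
    allowed: bool
    reason: str


@dataclass
class ToolGate:
    """Policy gate between the skill and the host's tool executor (assumed API)."""
    budget_usd: float
    confirm: Callable[[str, Dict], bool]  # must return True only on an explicit user "yes"
    spent_usd: float = 0.0
    audit_log: List[Decision] = field(default_factory=list)

    def check(self, tool: str, args: Dict) -> Decision:
        cost = float(args.get("estimated_cost_usd", 0.0))
        if cost < 0:
            return self._record(tool, False, "rejected negative cost estimate")
        # Budget is checked before asking the user: an over-budget call is never offered.
        if self.spent_usd + cost > self.budget_usd:
            return self._record(
                tool, False,
                f"budget exceeded: {self.spent_usd + cost:.2f} > {self.budget_usd:.2f}",
            )
        risky = tool in HIGH_RISK_TOOLS or cost > 0
        if risky and not self.confirm(tool, args):
            return self._record(tool, False, "user did not explicitly confirm")
        self.spent_usd += cost  # commit spend only after approval
        return self._record(tool, True, "confirmed" if risky else "low risk, no confirmation needed")

    def _record(self, tool: str, allowed: bool, reason: str) -> Decision:
        decision = Decision(tool, allowed, reason)
        self.audit_log.append(decision)  # every decision is kept for later review
        return decision


def demo(budget_usd: float = 1.00) -> List[Decision]:
    """Runs a constructed sequence of tool requests through the gate.

    The confirm callback stands in for an interactive prompt: it approves only
    an email to a known address, so every other risky call is denied.
    """
    def confirm(tool: str, args: Dict) -> bool:
        return tool == "send_email" and args.get("to") == "me@example.com"

    gate = ToolGate(budget_usd=budget_usd, confirm=confirm)
    requests = [  # constructed sample requests
        ("fetch_url", {"url": "https://example.com/doc"}),                          # low risk, free
        ("send_email", {"to": "me@example.com", "estimated_cost_usd": 0.10}),       # confirmed
        ("send_email", {"to": "ceo@partner.example", "estimated_cost_usd": 0.10}),  # not confirmed
        ("create_workflow", {"schedule": "daily", "estimated_cost_usd": 0.50}),     # not confirmed
        ("delegate_to_agent", {"agent": "scraper", "estimated_cost_usd": 2.00}),    # over budget
    ]
    return [gate.check(tool, args) for tool, args in requests]


if __name__ == "__main__":
    for d in demo():
        print(f"{d.tool:20} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

Two design choices matter here: the gate must not trust a cost figure supplied by the skill itself for anything beyond a sanity check, so in practice the budget should also be enforced by the spend-limited token on the service side; and a persistent workflow is denied until confirmed even when it costs nothing today, because its side effects (and charges) arrive later.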

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Scope Creep

Severity: Medium
Confidence: 91%
Finding
The documented behavior exceeds the declared security scope: the manifest only mentions orchestration endpoint access, but the skill also creates, runs, and polls persistent workflows on additional API paths. This under-disclosure is dangerous because users and host platforms cannot accurately assess what network actions the skill may perform, especially when those actions can trigger later side effects such as email sending or deferred execution.
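A host platform can catch this kind of under-disclosure mechanically by diffing the endpoints a manifest declares against the endpoints the skill's own instructions reference. The following is an added example, not code from this page, from SkillSpector, or from the AIProx project. The manifest schema (`network.allowed_hosts`, `network.allowed_paths`), the skill text and every host and path in it are constructed for the example; they are not AIProx's real endpoints.

```python
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Constructed manifest: declares access to a single orchestration endpoint only.
MANIFEST: Dict = {
    "name": "example-orchestrator",
    "network": {
        "allowed_hosts": ["api.orchestrator.example"],
        "allowed_paths": ["/v1/orchestrate"],
    },
}

# Constructed skill instructions: the text the agent actually follows.
SKILL_TEXT = """
Send the task to https://api.orchestrator.example/v1/orchestrate.
For long-running jobs, POST https://api.orchestrator.example/v1/workflows,
then poll GET https://api.orchestrator.example/v1/workflows/{id}/status.
Results can be mailed via https://mail.example.net/send.
"""

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def referenced_endpoints(text: str) -> Set[Tuple[str, str]]:
    """Every (host, path) pair written literally in the skill text."""
    found = set()
    for match in URL_RE.finditer(text):
        parts = urlsplit(match.group(0).rstrip(".,;"))  # drop sentence punctuation
        found.add((parts.hostname or "", parts.path or "/"))
    return found


def _path_declared(path: str, allowed_paths: List[str]) -> bool:
    # A declared path covers itself and anything nested under it.
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in allowed_paths)


def undeclared_endpoints(manifest: Dict, text: str) -> List[Tuple[str, str, str]]:
    """Endpoints the skill text references that the manifest does not declare."""
    hosts = set(manifest["network"]["allowed_hosts"])
    paths = manifest["network"]["allowed_paths"]
    findings = []
    for host, path in sorted(referenced_endpoints(text)):
        if host not in hosts:
            findings.append((host, path, "host not declared"))
        elif not _path_declared(path, paths):
            findings.append((host, path, "path not declared"))
    return findings


if __name__ == "__main__":
    for host, path, why in undeclared_endpoints(MANIFEST, SKILL_TEXT):
        print(f"SCOPE CREEP  {host}{path}  ({why})")
```

The check only sees URLs written out in the skill text; a skill that assembles paths at runtime or hands them to a third-party agent will pass it. Treat it as a review aid and enforce the declared scope where it cannot be bypassed, with an egress allowlist on the host or proxy that rejects any host or path the manifest does not name.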

Vague Triggers

Severity: Medium
Confidence: 72%
Finding
The skill's activation guidance is broad and invites use for 'complex tasks' and other loosely defined scenarios without clear boundaries on high-risk operations. In an orchestrator that can route to web scraping, email, code-execution, and persistent workflows, vague triggers increase the chance a user invokes powerful external actions unintentionally or without understanding the downstream effects.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The description does not clearly warn that the skill may delegate user prompts to third-party agents and perform actions affecting external systems and data, including web access, email, and persistent workflows. This is dangerous because users may provide sensitive information or authorize a task without realizing it will be transmitted to multiple outside services and could cause real-world side effects and paid charges.

VirusTotal

VirusTotal findings are pending for this skill version.