Call Geo Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GEO workflow skill that uses external model tools and saves project artifacts, with no evidence of hidden code, credential access, or destructive behavior.

Install only if you are comfortable with brand, product, prompt, URL, and generated-content details being sent to external model tools and saved in wiki-style project documents. Review generated logs and HTML before sharing, and avoid using confidential customer data or unreleased business plans unless those downstream tools are approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill instructs the agent to perform broad web querying, collect large numbers of URLs, and treat returned external links as inputs for later workflow steps, but the stated capability is only a generic GEO agent. This creates scope creep and increases the chance of unnecessary external data access, prompt leakage, and uncontrolled collection of third-party content without clear user consent or minimization.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow repeatedly sends user-derived product information, prompts, and processed queries to external tools such as call_gpt_5 and call_gpt_5_online, while also collecting returned URLs and references. Without an explicit warning or consent gate for external transmission, sensitive business information may be disclosed to third-party services and persisted in downstream logs.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow repeatedly sends user-derived product information, prompts, and processed queries to external tools such as call_gpt_5 and call_gpt_5_online, while also collecting returned URLs and references. Without an explicit warning or consent gate for external transmission, sensitive business information may be disclosed to third-party services and persisted in downstream logs.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly requires persistent logging of all prompts, model outputs, URLs, references, and user-provided product information into wiki documents and final deliverables, with instructions not to omit or filter content. This creates a clear risk of over-retention, sensitive data exposure, and propagation of third-party content or confidential user material into durable artifacts beyond what is necessary for task completion.

VirusTotal

63/63 vendors flagged this skill as clean.
