ClawHub

Teamo Lite Offline

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill can automatically search, scrape URLs, and hand tasks to other agents without asking first, which is broader than users may expect from an “offline” skill.

Review before installing. Use this skill only if you are comfortable with automatic web searches, URL scraping, and delegation to other agents for broad categories of tasks. Avoid using it with private documents, credentials, internal URLs, or sensitive code unless your agent runtime enforces approval and data-minimization rules for external tools and agent handoffs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
94% confidence
Finding
The workflow triggers are so broad and overlapping that the skill may activate or choose a path for many unrelated requests, including unclear requests and essentially any code-related prompt. That can cause unintended delegation, searching, scraping, or agent handoff without clear user intent, increasing the chance of unnecessary data exposure and tool misuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly directs online information gathering, search, scraping, and transfer to other agents, but it does not warn users that their prompts or attached content may be sent to external tools or services. This creates a real risk of silent data exfiltration, especially because the instructions also discourage asking for consent when the task appears completable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal