ClawHub

safe

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only defensive browsing-safety skill, with some broad logging and notification guidance users should configure carefully.

Install only if you want a conservative browsing-safety instruction set for the agent. Treat it as guidance, not a real browser or endpoint security product. Before relying on logs or email alerts, decide where logs are stored, how long they are kept, and ensure URLs, prompts, secrets, and page content are redacted where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill’s core promise is to automatically block dangerous requests, but this section introduces an override that permits execution when a user says it is safe. That creates a prompt-injection bypass path: a malicious page can socially engineer the user into authorizing exactly the behavior the skill is meant to prevent.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The FAQ explicitly states that the AI will lift the block if the user says 'this is safe, execute it,' which undermines the stated security model. In adversarial browsing contexts, attackers routinely instruct users to approve suspicious actions, so this behavior weakens the protection into a soft warning rather than an actual guardrail.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill proposes emailing security notifications to the user’s mailbox without defining consent, content minimization, or privacy controls. Email can expose URLs, detected payloads, or other sensitive browsing-derived data to additional systems and recipients, creating unnecessary data-sharing risk.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill mandates logging all security events and shows examples that include source URLs and detected request content. Because the skill operates on webpages and suspicious prompts, those logs may capture sensitive tokens, private URLs, user inputs, or malicious content that should not be retained broadly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal