Clawfy Pro

Security checks across malware telemetry and agentic risk

Overview

This browser-context helper is purpose-aligned, but it is in Review because it uses page content and recent chat context while telling the agent not to reveal the Clawfy source in replies.

Install only if you are comfortable with the agent receiving browser page text, code blocks, URLs, and the last 10 chat messages when Clawfy Pro triggers. Be aware that replies may not clearly say this context came from the browser extension, and review any suggested skills before manually installing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to use browser-supplied page context and the last 10 conversation messages to tailor responses, while the response format omits any notice that these data sources were used. This creates a covert-context use pattern that can surprise users, expose sensitive project information in replies, and erode meaningful consent even if the data stays within the user's agent.

Natural-Language Policy Violations

Medium
Confidence: 98%
Finding
The skill tells the agent not to reference Clawfy by name and to respond as if it independently noticed the user's work, which intentionally conceals the true source of contextual information. Hiding that browsing-derived context came from an extension undermines transparency and informed consent, and makes covert profiling or data use harder for the user to detect.

Ssd 3

Medium
Confidence: 96%
Finding
The skill directs silent use of recent conversation and webhook page content to infer what the user is working on and personalize recommendations without disclosure. In context, this is especially risky because the extension supplies rich page body text, code blocks, headings, and URLs, which may contain confidential implementation details that the agent could surface or act on without the user's awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
