DevTool Answer Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LLM answer-monitoring workflow with optional provider API calls; the scan found no hidden or unrelated behavior.

Install only if you are comfortable with a local Python virtual environment and optional provider API calls. Start with the quickstart replay or manual paste mode if you do not want networked model calls; keep API keys in environment variables rather than in chat; review OPENAI_BASE_URL before routing through a gateway, since raw query text is sent to whatever endpoint it names; and pin dependencies if you need reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium severity, 92% confidence
Finding: The manifest identifies the skill as "visibility-monitor" while the provided skill metadata describes "devtool-answer-monitor" with a more specific purpose. This kind of identity and purpose mismatch can cause the wrong skill to be loaded, reviewed, or trusted, undermining provenance checks and creating opportunities for confusion, policy bypass, or accidental execution of unintended capabilities.

Missing User Warnings

Medium severity, 89% confidence
Finding: This code sends raw query text to whichever provider is configured through an OpenAI-compatible base URL, including third-party gateways, without any built-in disclosure, consent prompt, or sanitization step. In a monitoring tool, query pools may contain proprietary prompts, internal project names, or sensitive business context, so silent transmission to external services creates a real confidentiality and compliance risk.

Unpinned Dependencies (three findings)

Low severity
Category: Supply Chain
Content (the same three requirement lines are cited by each finding):
openai>=1.30.0
jsonschema>=4.22.0
matplotlib>=3.8.0

Finding: openai>=1.30.0 (91% confidence)
Finding: jsonschema>=4.22.0 (91% confidence)
Finding: matplotlib>=3.8.0 (88% confidence)

A lower-bound specifier such as openai>=1.30.0 lets the installer resolve to any future release, so two installs can pull different code and a broken or compromised newer release is picked up automatically; pinning to an exact version (and, where the tooling supports it, to package hashes) makes the install reproducible and reviewable.
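A pre-install review that mechanises the three concerns the scanner raised above: a manifest name that disagrees with the skill metadata, an overridden OPENAI_BASE_URL that would send raw query text to an unapproved or plaintext gateway, and requirement lines that only set a lower bound. This is an added example, not code from the skill or from SkillSpector; the requirement-file strings, the manifest and metadata dictionaries, the environment value and the ALLOWED_API_HOSTS set are constructed assumptions standing in for the real files and policy.

```python
"""Pre-install review for an LLM skill package.

Added example, not part of the skill or of SkillSpector. Every input below
is a constructed stand-in: requirement text instead of a requirements file,
dicts instead of parsed manifest/metadata files, and an assumed allowlist of
API hosts.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample requirement files (assumed contents, not read from disk).
REQUIREMENTS_TXT = """\
openai>=1.30.0
jsonschema>=4.22.0
matplotlib>=3.8.0
"""

PINNED_REQUIREMENTS_TXT = """\
openai==1.30.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
jsonschema==4.22.0
matplotlib==3.8.0
"""

# Hosts the organisation has approved for model calls (assumption).
ALLOWED_API_HOSTS = {"api.openai.com"}

# name, optional operator, optional version; extras/markers are ignored here.
_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def unpinned_requirements(text: str) -> list[str]:
    """Return package names whose specifier is not an exact '==' pin.

    Blank lines, comments and pip options (-r, --index-url, ...) are skipped.
    A bare name with no specifier at all counts as unpinned.
    """
    loose = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue
        match = _REQ_LINE.match(line)
        if not match:
            continue
        name, operator, _version = match.groups()
        if operator != "==":
            loose.append(name)
    return loose


def base_url_problems(env: dict[str, str]) -> list[str]:
    """Return reasons an OPENAI_BASE_URL override should block install, or [].

    No override means the provider default is used, which is treated as fine;
    an override must be https and must point at an approved host.
    """
    url = env.get("OPENAI_BASE_URL")
    if not url:
        return []
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, not https")
    if parts.hostname not in ALLOWED_API_HOSTS:
        problems.append(f"host {parts.hostname!r} is not an approved gateway")
    return problems


def manifest_mismatch(manifest: dict, metadata: dict) -> str | None:
    """Describe a manifest/metadata name mismatch, or return None if consistent."""
    manifest_name = (manifest.get("name") or "").strip().lower()
    metadata_name = (metadata.get("name") or "").strip().lower()
    if manifest_name != metadata_name:
        return f"manifest names {manifest_name!r} but metadata describes {metadata_name!r}"
    return None


def review(requirements: str, env: dict[str, str], manifest: dict, metadata: dict) -> dict:
    """Run all three checks; 'ok' is True only when none of them fires."""
    findings = {
        "unpinned": unpinned_requirements(requirements),
        "base_url": base_url_problems(env),
        "identity": manifest_mismatch(manifest, metadata),
    }
    findings["ok"] = not (findings["unpinned"] or findings["base_url"] or findings["identity"])
    return findings


if __name__ == "__main__":
    # Constructed inputs mirroring the mismatch and gateway concerns reported above.
    report = review(
        REQUIREMENTS_TXT,
        {"OPENAI_BASE_URL": "http://llm-gateway.internal:8080/v1"},
        {"name": "visibility-monitor"},
        {"name": "devtool-answer-monitor"},
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it before creating the virtual environment: an empty "unpinned" list, an empty "base_url" list and a None "identity" together give ok=True. The allowlist is deliberately a set of hostnames rather than URL prefixes so that a path or port trick on an unrelated host cannot pass as the approved endpoint.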

VirusTotal

0 of 67 vendors flagged this skill; all 67 reported it as clean.
