anakin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Anakin web-scraping and research skill, but users should treat submitted URLs, prompts, and API keys as data shared with an external service.

Install only if you trust Anakin and the anakin-cli package. Do not use it with confidential internal URLs, regulated data, secrets, or sensitive research prompts unless you are approved to send that data to Anakin. Prefer setting ANAKIN_API_KEY through a secure local environment or secret manager, avoid pasting keys into shared chats or logs, and review any .gitignore or shell startup file changes before keeping them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README encourages use of scraping, search, and research commands but does not clearly disclose that user-supplied URLs, search queries, prompts, and retrieved page content may be transmitted to Anakin's external service. In an agent-skill context, this can lead users or downstream agents to send sensitive internal URLs, proprietary documents, or confidential prompts off-platform without informed consent, creating a real data exposure risk.

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description is very broad and covers generic web/data tasks, which can cause the skill to be invoked for many unrelated requests without clear boundaries. In practice, that increases the chance the agent routes arbitrary browsing, scraping, or research tasks through this skill, sending user-provided targets and queries to an external service unnecessarily.

Missing User Warnings

Medium
Confidence: 98%
Finding
The documentation does not warn that URLs, search queries, and research prompts are transmitted to the Anakin external API. This creates a data disclosure risk because users or downstream agents may submit sensitive internal URLs, private search terms, or confidential research topics without realizing that the data leaves the local environment.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to ask for a user's API key and shows commands to place that secret in shell startup files for persistence. This creates unnecessary credential exposure risk because secrets may be captured in chat logs, shell history, process listings, or plaintext dotfiles without any warning about secure handling.

Missing User Warnings

Medium
Confidence: 92%
Finding
The manifest requires an API key via ANAKIN_API_KEY but provides no user-facing notice about how that credential will be used, stored, or transmitted. Because this skill's purpose is external web scraping and AI search, the key will necessarily be sent to a third-party service, creating a real transparency and credential-handling risk even if this is likely standard product behavior rather than overtly malicious.

Ssd 3

Medium
Confidence: 97%
Finding
The instructions normalize collecting a sensitive credential through natural-language interaction and then using it directly in shell commands. In an agent setting, this is dangerous because the credential may be retained in conversation transcripts, tool logs, command history, or other telemetry beyond the user's intent.

VirusTotal

64/64 vendors flagged this skill as clean.
