model-info

Security checks across malware telemetry and agentic risk

Overview

This is a simple model-status skill that openly reports runtime details, with no executable code or hidden behavior found.

Install this only if you are comfortable with model, provider, endpoint/key-source, token/cost, session, and runtime details appearing in chat when invoked. Prefer explicit prompts like "model-info status" and avoid sharing its output publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill advertises very broad trigger phrases such as "model info", "what model", and "which AI" without clear activation boundaries. In an agent environment, these generic phrases can cause unintended invocation during normal conversation, potentially exposing session/runtime metadata when the user did not explicitly request the skill.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase "what model" is broad enough to match ordinary user conversation and can cause accidental invocation of this skill when the user is discussing models generally. In this skill, unintended activation is more dangerous because the advertised behavior is to reveal runtime and session metadata, so a benign conversation could unexpectedly disclose sensitive environment details.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill advertises very broad invocation phrases such as "what model", "model status", and "tell me about my AI backend", which can overlap with ordinary user conversation. In systems that auto-route based on fuzzy matching, this can cause unintended activation and disclosure of runtime or session details when the user did not explicitly intend to invoke the skill.

Ssd 3

Medium
Confidence: 98%
Finding
The skill explicitly offers to disclose sensitive runtime metadata including provider, API endpoint, API key source, session status, token usage, and runtime configuration in natural language. This creates an information disclosure risk because such details can help an attacker fingerprint the environment, infer secret-management practices, and tailor follow-on attacks; the claim of "100% accurate" direct access to session_status also increases concern rather than reducing it.

VirusTotal

65/65 vendors flagged this skill as clean.