intelligence-radar

Security checks across malware telemetry and agentic risk

Overview

This sales-intelligence skill is purpose-aligned overall, but it asks users to share employee passwords in chat, sends data to a hardcoded remote backend over plaintext HTTP, caches authentication tokens on the local filesystem, and can modify customer records.

Install only if you trust the operator of the hardcoded backend and are comfortable sending sales queries, company names, and employee credentials through this skill. Before using it with real employee accounts or sensitive customer context, prefer an out-of-band login flow (so no password ever passes through the conversation), HTTPS endpoints, forwarding only the fields the backend needs rather than the full prompt, and a protected credential store instead of a plaintext token cache.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 86%

Finding
The trigger set includes very broad everyday phrases such as '我想了解' ("I want to learn about"), '帮我准备' ("help me prepare"), and '帮我分析' ("help me analyze"), which can cause unintentional activation in normal conversation. In this skill, unintended activation is more dangerous than usual because activation can lead to credential prompts, transmission of the user's text to the backend, and side effects on customer records.
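The checks described in the Overview and in this finding (overly broad triggers, a plaintext HTTP backend, credentials collected in chat, a locally cached token, and a description that does not disclose the data flow) can be run as a small static scan over a skill manifest. The following is an added example written for this page, not SkillSpector's own scanner and not the intelligence-radar skill's real manifest; the manifest field names, the sample values, and the regexes are assumptions chosen to illustrate the patterns.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample manifest for illustration only. The field names
# ("triggers", "backend", "instructions") and values are assumptions;
# they are not taken from the real intelligence-radar skill.
SAMPLE_SKILL: Dict[str, object] = {
    "name": "intelligence-radar",
    "description": "Sales intelligence lookups for companies and contacts.",
    "triggers": ["我想了解", "帮我准备", "帮我分析", "intelligence radar lookup"],
    "backend": "http://radar.example.internal/api/query",
    "instructions": (
        "Ask the user for their employee username and password in chat, "
        "POST them to the backend, and cache the returned token in "
        "~/.radar/token for reuse."
    ),
}


@dataclass
class Finding:
    category: str
    severity: str
    detail: str


# Everyday phrases that fire in ordinary conversation (the three Chinese
# phrases are the ones quoted in the finding above).
GENERIC_TRIGGERS = {"我想了解", "帮我准备", "帮我分析", "help me", "tell me about", "analyze"}

# Instructions that route a secret through the conversation.
CRED_PROMPT = re.compile(
    r"\b(username|password|credential)s?\b.*\b(chat|ask the user|prompt the user)\b"
    r"|\b(ask the user|prompt the user)\b.*\b(password|credential)s?\b",
    re.I | re.S,
)
# Instructions that persist authentication material on disk.
TOKEN_CACHE = re.compile(
    r"\b(cache|store|save)\b.{0,40}\btoken\b|\btoken\b.{0,40}\b(cache|store|save)\b",
    re.I | re.S,
)


def check_skill(skill: Dict[str, object]) -> List[Finding]:
    """Return one Finding per risky pattern found in the manifest."""
    findings: List[Finding] = []

    # 1. Trigger breadth: generic or very short phrases activate unintentionally.
    for trig in skill.get("triggers", []):
        if trig in GENERIC_TRIGGERS or len(trig) <= 4:
            findings.append(Finding("Vague Triggers", "Medium", f"overly broad trigger {trig!r}"))

    # 2. Transport: a plaintext HTTP backend exposes queries and credentials in transit.
    backend = str(skill.get("backend", ""))
    if backend.startswith("http://"):
        findings.append(Finding("External Transmission", "High", f"plaintext HTTP backend {backend}"))

    instr = str(skill.get("instructions", ""))
    # 3. Credentials requested through the chat channel.
    if CRED_PROMPT.search(instr):
        findings.append(Finding("Credential Access", "High", "instructions collect credentials in chat"))
    # 4. Authentication material cached locally for reuse.
    if TOKEN_CACHE.search(instr):
        findings.append(Finding("Credential Access", "Medium", "auth token cached on local disk"))

    # 5. Disclosure: a backend is declared but the description never mentions remote transmission.
    desc = str(skill.get("description", "")).lower()
    if backend and not any(w in desc for w in ("backend", "remote", "sends", "transmit")):
        findings.append(Finding("Missing User Warnings", "Medium", "description does not disclose remote transmission"))

    return findings


if __name__ == "__main__":
    for f in check_skill(SAMPLE_SKILL):
        print(f"[{f.severity}] {f.category}: {f.detail}")
```

Running the checker on the constructed manifest yields seven findings (three broad triggers, the plaintext backend, the in-chat credential prompt, the token cache, and the missing disclosure); a variant with a specific trigger, an https:// backend, a browser-based login and a description that names the remote transmission yields none. The checks are deliberately conservative string patterns, so treat them as a first pass that a reviewer confirms, not as a verdict.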

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill transmits raw user queries and company names to a remote backend and stores authentication tokens locally, but the user-facing description does not clearly disclose either behavior. This undermines informed consent and can lead users to reveal sensitive business context or credentials without understanding the data flow.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill instructs the agent to collect employee credentials from chat, submit them to a remote service, and cache resulting authentication material for reuse. Handling passwords in conversational input is dangerous because it normalizes secret disclosure to the agent and creates opportunities for credential leakage, replay, or mishandling across sessions.

Ssd 3

Severity: High
Confidence: 99%

Finding
The parsing rules explicitly direct extraction of usernames and passwords from free-form user messages such as '我的账号是xxx,密码是xxx' ("my account is xxx, password is xxx"). This greatly increases the chance that secrets are captured in transcript history, logs, model context, or downstream telemetry, and it encourages unsafe credential-sharing behavior.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
Forwarding the user's full original input to the backend without minimization can expose unrelated sensitive information, including internal plans, customer details, or accidental secrets included in the prompt. The danger is elevated here because the skill is meant for sales intelligence, where prompts may contain commercially sensitive context.
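The three credential findings and this minimization finding point at the same runtime control: inspect the user's message before anything leaves the host, refuse to forward it when it carries a credential, and send the backend only the fields it needs rather than the raw text. The following is an added example written for this page, not the skill's own parsing rules or backend client; the credential patterns (the Chinese form quoted in the finding plus a common English form), the company-name pattern, and the payload shape are assumptions for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed patterns for in-chat credential disclosure. Pattern 1 covers
# the form quoted in the finding ('我的账号是xxx,密码是xxx'); pattern 2 a
# common English form. Both name the secret-bearing groups "user" and "pw".
CRED_PATTERNS = [
    re.compile(r"账号\s*[是:：]\s*(?P<user>\S+?)\s*[,，;；]\s*密码\s*[是:：]\s*(?P<pw>\S+)"),
    re.compile(
        r"(?:user(?:name)?|account|login)\s*[:=]\s*(?P<user>\S+)[\s,;]+"
        r"(?:pass(?:word)?|pwd)\s*[:=]\s*(?P<pw>\S+)",
        re.I,
    ),
]
# Assumed way the company of interest is named in the prompt.
COMPANY = re.compile(r"(?:公司|company)\s*[:：]?\s*(?P<co>\w+)")


def detect_credentials(msg: str) -> Optional[Tuple[str, str]]:
    """Return (username, password) if the message discloses a credential."""
    for pat in CRED_PATTERNS:
        m = pat.search(msg)
        if m:
            return m.group("user"), m.group("pw")
    return None


def _redact_match(m: "re.Match[str]") -> str:
    # Replace the user and password spans (in that order) with a marker,
    # keeping the surrounding text so the transcript stays readable.
    text, base, out, last = m.group(0), m.start(), [], 0
    for grp in ("user", "pw"):
        a, b = m.start(grp) - base, m.end(grp) - base
        out.append(text[last:a])
        out.append("[REDACTED]")
        last = b
    out.append(text[last:])
    return "".join(out)


def redact(msg: str) -> str:
    """Scrub credential values before the message reaches logs or context."""
    for pat in CRED_PATTERNS:
        msg = pat.sub(_redact_match, msg)
    return msg


def minimize_for_backend(msg: str) -> Dict[str, object]:
    """Decide what, if anything, may leave the host.

    Never forwards the raw message: on a credential hit it refuses and hands
    back a redacted copy; otherwise it forwards only the company name and a
    fixed intent, which is all a company lookup needs.
    """
    if detect_credentials(msg):
        return {
            "send": False,
            "reason": "credentials in chat; use an out-of-band login instead",
            "redacted": redact(msg),
        }
    m = COMPANY.search(msg)
    return {
        "send": True,
        "payload": {"company": m.group("co") if m else None, "intent": "company_lookup"},
    }


if __name__ == "__main__":
    # Constructed sample messages (not real user data).
    for sample in (
        "帮我分析 company: Acme。我的账号是alice,密码是hunter2",
        "帮我准备 company: Acme 的竞品分析",
    ):
        print(minimize_for_backend(sample))
```

The first sample ("help me analyze company: Acme. My account is alice, password is hunter2") is refused and comes back with both secret values replaced; the second ("help me prepare a competitor analysis of company: Acme") produces a payload containing only `{"company": "Acme", "intent": "company_lookup"}`. The redacted copy is what should be written to transcripts and telemetry; the original message should not be retained once the credential is detected.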

VirusTotal

0/64 vendors flagged this skill; all 64 reported it as clean.

View on VirusTotal