Security audit

Cue Equity Research

Security checks across malware telemetry and agentic risk

Overview

The skill’s research purpose is clear, but it asks the agent to fetch and run mutable external code that uses a local Cue API key.

Install only if you are comfortable with the agent creating/updating ~/.cue/cue-skills and running code from the current upstream repository. Prefer pinning the runner to a reviewed commit, checking the repository before first use, and using a least-privilege Cue API key because the skill relies on ~/.cue/config.json and paid credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding:
The skill instructs the agent to `git pull` or clone and then execute a Python runner from a remote repository at runtime. That creates a supply-chain risk: repository compromise, forced updates, branch changes, or mirror tampering could result in unreviewed code execution on the user's machine. In this context, the danger is elevated because the fetched code is immediately used as an execution path for the skill.

Context-Inappropriate Capability

Low
Confidence: 86%
Finding:
The skill explicitly depends on a local API key stored in `~/.cue/config.json` and instructs use of a runner that reads it automatically. Any skill that normalizes access to local secrets increases the risk of unintended credential exposure, misuse by adjacent tooling, or exfiltration if the runner or fetched dependencies are compromised. This becomes more concerning because the same skill also fetches/upgrades code from remote repositories.

VirusTotal

63/63 vendors flagged this skill as clean.