reportgama2

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent market-research report generator, but it runs broad public-web collection and mixes estimated or fallback data into reports that can look authoritative.

Install only if you are comfortable with broad public-web searches and local report files. Before relying on the output, verify registry, pricing, hospital, customs, and market-share claims against official sources yourself: some records and numbers are estimates or fallback reference data rather than verified live facts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The module presents itself as performing deep competitor analysis, including market share and channel strategy, but the implementation only does basic scraping of search results and simplistic heuristics. In a market-research skill, this mismatch can mislead users into trusting low-quality or fabricated intelligence as if it were evidence-based, which can drive bad business decisions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding
The report generates market-share estimates from mention counts scraped from search and ecommerce pages, which is not a valid basis for market-share calculation. Because the skill is marketed as producing professional research reports, these unsupported quantitative claims could be consumed as authoritative analysis and materially distort commercial, procurement, or investment decisions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
When live collection returns no data, the code silently fabricates estimated organizations and then mixes them into outputs that otherwise look like a real database. In a market-research skill, this can mislead downstream users into treating synthetic entities as verified institutions, causing materially false targeting, outreach, procurement, or compliance decisions.

Intent-Code Divergence

Severity: Low
Confidence: 79%
Finding
The helper is documented as returning major hospital names, but actually constructs full organization records and injects estimated fields like bed counts. This mismatch increases the chance that callers treat partially inferred data as authoritative structured records, which can propagate false facts through reports and exports.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger phrases include broad generic requests such as market research/report generation terms that can match ordinary user intent too loosely. This can cause accidental activation of a powerful skill that performs multi-source scraping, network calls, and file generation when the user may only want a simple answer or high-level discussion.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation guidance says that when a user requests a market research report, the agent should proceed through parsing, depth selection, and execution, effectively treating many normal requests as implicit consent to run the skill. In context, this is riskier because the workflow performs broad external collection and generates artifacts, so ambiguous activation can lead to unintended data access, network activity, and local writes.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The documentation advertises PDF export but does not clearly warn that the skill will create and write local files. While not inherently malicious, undisclosed file creation reduces user awareness and can cause surprise writes, overwrite risks, or storage of potentially sensitive research outputs on the local system.

Natural-Language Policy Violations

Severity: Medium
Confidence: 76%
Finding
The workflow examples default language handling to Russian for a Russia-related request without a clear user choice or consent, which can lead to unintended regional assumptions and searches against country-specific sources. This is mainly a consent and correctness issue rather than a direct exploit, but in a multilingual scraping/reporting skill it increases the chance of collecting from the wrong locale or producing outputs the user did not ask for.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger phrase "市场调研" is extremely broad and can match many ordinary user requests unrelated to this specific skill. That makes unintended invocation more likely, which can route users into a high-capability data-collection/report-generation workflow they did not explicitly request, increasing the chance of over-collection, confusion, or misuse of external research modules.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
Several trigger phrases in this part of the trigger list are still broad or ambiguous, such as requests for generating market reports or competitor analysis, and could overlap with normal analytical conversations. In a skill that aggregates multilingual search, news, customs, pricing, social/community, and regulatory sources, ambiguous activation is more dangerous because it may initiate expansive research behavior beyond the user's intended scope.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The module creates a web-scraping session and later persists collected VK/Google results to local JSON files, but there is no explicit user-facing notice or consent flow about external network requests or disk storage. In a research/reporting skill that aggregates public content, this creates a transparency and privacy risk because operators may unknowingly transmit search terms and retain scraped data locally.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The session header hard-codes Accept-Language to Russian/English, overriding user locale without consent. While not a code-execution flaw, it can cause unwanted data exposure or misleading results by silently routing searches through a fixed linguistic context that may not match the user's intent or compliance requirements.

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding
Google search URLs hard-code Russian-specific query parameters (`hl=ru&lr=lang_ru`) without exposing user choice. In this skill context, that can bias collection, leak regional intent, and reduce transparency because searches are always performed under a Russian-language profile regardless of operator expectations.
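The last three findings (undisclosed session and file persistence, a hard-coded `Accept-Language` header, and hard-coded `hl=ru&lr=lang_ru` search parameters) are all visible in source as literal strings, so a reviewer can triage them before installing a skill. The following is an added example, not SkillSpector's scanner or the skill's own code, of a small pre-install check that flags those patterns line by line. The regexes, the check labels and the sample skill source are constructed for this illustration; the sample is meant to resemble the patterns the findings describe, not to reproduce reportgama2's actual code.

```python
"""Added example (not part of reportgama2 or SkillSpector): scan a skill's
Python source for hard-coded locale settings, outbound sessions, environment
reads and local file writes, reporting line numbers as evidence.

The patterns are deliberately simple and will miss obfuscated forms; this is
a triage aid for a reviewer, not proof that a skill is clean.
"""
import re

# (finding label, compiled regex). Labels and patterns are this example's own.
CHECKS = [
    ("outbound HTTP session",
     re.compile(r"requests\.Session\(|httpx\.Client\(|urllib\.request\.")),
    ("hard-coded Accept-Language header",
     re.compile(r"""['"]Accept-Language['"]\s*:\s*['"][^'"]+['"]""")),
    ("hard-coded search locale parameter",
     re.compile(r"[?&](hl|lr|gl)=[A-Za-z_\-]+")),
    ("environment variable read",
     re.compile(r"os\.environ|os\.getenv\(")),
    ("local file write",
     re.compile(r"""open\([^)]*['"][wa]b?['"]|\.write_(text|bytes)\(""")),
]


def scan_source(source: str, filename: str = "<skill>") -> list[dict]:
    """Return one finding per (line, check) match, in line order, so a
    reviewer can jump straight to the evidence."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in CHECKS:
            m = pattern.search(line)
            if m:
                findings.append({"file": filename, "line": lineno,
                                 "check": label, "evidence": m.group(0)})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per check so the reviewer sees which disclosure or
    locale questions to raise before trusting the skill."""
    counts: dict = {}
    for f in findings:
        counts[f["check"]] = counts.get(f["check"], 0) + 1
    return counts


# Constructed sample resembling the patterns described in the findings above.
SAMPLE_SKILL_SOURCE = '''
import os, json, requests

session = requests.Session()
session.headers.update({"Accept-Language": "ru-RU,ru;q=0.9,en;q=0.5"})
API_KEY = os.environ.get("SEARCH_API_KEY")

def google_search(q):
    url = "https://www.google.com/search?q=" + q + "&hl=ru&lr=lang_ru"
    return session.get(url).text

def save_results(results):
    with open("vk_results.json", "w") as fh:
        json.dump(results, fh)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SKILL_SOURCE, "collector.py"):
        print(f"{f['file']}:{f['line']}: {f['check']}: {f['evidence']}")
    print(summarize(scan_source(SAMPLE_SKILL_SOURCE, "collector.py")))
```

Each hit is a question, not a verdict: a locale parameter is acceptable if the skill's documentation exposes it as a user choice, and a file write is acceptable if the documentation says where output lands. The check exists to make sure those questions get asked.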

VirusTotal

65/65 vendors reported this skill as clean on VirusTotal. A clean antivirus verdict covers file signatures and known-malware behaviour only; it says nothing about the description mismatches, trigger breadth, or undisclosed network and file activity listed in the findings above.