ClawHub

Comonyx Admin

Security checks across malware telemetry and agentic risk

Overview

This admin skill appears purpose-aligned, but it can email sensitive company exports or arbitrary local attachments without strong scoping or confirmation safeguards.

Install only if you trust the publisher and will use it in a controlled admin environment. Before sending any email or export, verify the recipient list, attachment path, and data contents manually; avoid using arbitrary local file paths and prefer restricting attachments to a dedicated export directory. This is not classified as malicious because the risky behavior matches the admin/email purpose, but the safeguards are too weak for sensitive company data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill can send reminder emails to multiple company recipients after only collecting a subject/body template, without an explicit bulk-send warning or final confirmation step. In an admin workflow handling real company data, this raises the risk of accidental mass emailing, unintended disclosure, or spam-like behavior if the filter or template is wrong.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to email exported company files and to rely on SMTP configuration from a local .env file, but it provides no explicit privacy, authorization, or data-handling warning before transmitting potentially sensitive business data to an external recipient. In an admin/export skill, this increases the risk of unauthorized disclosure or accidental exfiltration if the wrong recipient or file path is used.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest describes powerful administrative capabilities—sign-in, bulk company retrieval, filtering, export, and email sending—without clearly constraining when the skill should activate or what explicit user authorization is required. In an agent setting, overly broad activation language increases the risk of the skill being invoked in unintended contexts, leading to unauthorized data access, export, or outbound communications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly supports emailing exports and sending reminder emails but does not warn users that company data may be transmitted to external recipients or that the skill can initiate outbound email. Because this is an admin skill handling company/compliance/KYC-related records, missing disclosure and confirmation controls materially increase the risk of accidental data exfiltration, privacy violations, or unauthorized contact with third parties.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script can send emails and exfiltrate an arbitrary local file specified by ATTACHMENT_PATH without any confirmation, allowlist, or recipient validation. In an agent skill context, this is dangerous because the action transmits potentially sensitive exports or other local files to an externally configured address with no user-facing disclosure at execution time.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal