ClawHub

Local Falcon

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Local Falcon SEO guidance skill with optional account-connected MCP workflows, and I found no artifact-backed evidence of hidden execution, exfiltration, or destructive behavior.

Safe to install as an instruction-only SEO skill. Before connecting the optional Local Falcon MCP, review the npm package, use a dedicated or limited API key if possible, and require explicit approval before reading account data, running scans that consume credits, enabling AI Analysis, creating campaigns, or changing monitoring settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest trigger list is extremely broad and includes generic terms like 'local SEO', 'AI visibility', 'Google Business Profile', and 'review velocity', which can cause the skill to activate in many unrelated conversations. Over-broad auto-invocation increases the chance that this skill hijacks routing, injects brand-specific guidance where it was not requested, or exposes users to unnecessary setup instructions and external service promotion.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The natural-language activation rules are also overly broad, activating on common topics like local SEO, map pack rankings, review strategy, and citation questions. In an auto-invoked skill system, this can lead to prompt-surface overreach, where the skill inappropriately takes control of general discussions and steers users toward a specific vendor workflow.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list contains broad phrases such as "local seo," "ai visibility," and "google business profile" that are common in ordinary conversation. In agent routing systems, overly generic triggers can cause unintended activation of this skill, exposing users to unsolicited domain-specific guidance and potentially overriding a more appropriate skill or system behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly tells agents to always enable AI Analysis by default and only opt out if the user objects, but it does not clearly disclose what additional processing or data sharing occurs. In a tool that handles business/account/scan data, this weakens informed consent and can cause sensitive operational data to be sent for secondary AI processing without the user's explicit approval.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The workflow instructs the agent to pull saved locations or search business data before obtaining user confirmation, which can expose account or business context unexpectedly. While this is core product functionality, silently accessing account-linked data broadens data access without a clear user awareness step, creating a consent and privacy-boundary issue.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal