
Security audit

Badge Qualifier

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only trade-show lead qualification skill that handles business contact details, with privacy caution needed but no hidden automation or suspicious behavior found.

Install this if you want help triaging trade-show leads. Treat badge scans, business cards, emails, and booth notes as personal data: only input data you are authorized to use, minimize what you provide, and confirm applicable privacy and marketing rules before using the output for follow-up or CRM workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly encourages users to input badge scans, booth notes, OCR text, email addresses, job titles, and conversation summaries, all of which can contain personal or sensitive business information, but provides no privacy notice, consent guidance, retention limits, or handling restrictions. In a trade-show context this increases the chance that users will process personal data without adequate legal basis, notice, or safeguards, creating compliance and data-leakage risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example explicitly recommends outreach actions using named individuals' business contact details collected from badge scans and cards, but provides no privacy, consent, retention, or lawful-use guidance. In a lead-qualification skill, this can normalize processing personal data for follow-up without safeguards, creating compliance and trust risks under privacy regimes such as GDPR, especially in an EU trade-show context.

VirusTotal

64/64 vendors flagged this skill as clean.
