AI Chatbot Service

Security checks across malware telemetry and agentic risk

Overview

This is a simple local FAQ chatbot; its admin-style commands are documented and only affect in-memory chatbot state, with no evidence of hidden access or data exfiltration.

Install only if you want a lightweight local FAQ chatbot. Do not rely on it for real complaint escalation unless that workflow is implemented separately, and avoid entering sensitive customer details in shared sessions because stats may display recent conversation snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is presented as a customer-service chatbot, but it also exposes an unauthenticated administrative capability to mutate the FAQ knowledge base via the add command. In an agent ecosystem, this creates an integrity risk because any caller who can invoke the skill may alter future responses, potentially inserting misleading, unsafe, or policy-violating content.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The skill includes operational commands to inspect internal state (stats) and reset conversation state (clear), which go beyond the declared customer-support purpose. While not directly enabling code execution, these commands can leak recent conversation snippets and allow destruction of session context, affecting confidentiality and availability of support interactions.

Missing User Warnings

Medium
Confidence: 73%
Finding
The skill exposes a `clear` operation that erases conversation history, but the description does not warn that this is destructive or irreversible. In an agent setting, users may trigger it without understanding the consequence, causing loss of context, auditability, or user support records needed for follow-up handling.

VirusTotal

64/64 vendors flagged this skill as clean.