ClawHub

Expor Native UI

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Expo UI skill with some caution-worthy setup and permission examples, but no hidden execution, exfiltration, destructive behavior, or persistence was found.

Prefer the ClawHub install command over the unpinned GitHub npx install path unless you trust and have reviewed the repository. When using the examples, approve native build steps and sensitive permissions such as camera, microphone, media library, files, and secure storage only for app features that actually need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file explicitly says to use this skill for ANY 3D graphics, games, GPU compute, or Three.js work, which materially exceeds the declared skill scope of Expo native UI, routing, animations, and platform patterns. Overbroad scope expansion can cause an agent to invoke this skill in unrelated contexts and follow risky setup guidance, including native module integration and GPU APIs, without the narrower guardrails implied by the manifest.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documentation instructs users to perform a custom native build (`expo prebuild`, `expo run:ios`) and integrate WebGPU, which is outside the stated native UI/router focus of the skill. In an agent setting, this can push consumers toward higher-risk native modifications and capability expansion that they did not request, increasing attack surface and making the skill more operationally dangerous than advertised.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guidance explicitly recommends requesting camera permission eagerly, which can encourage developers to prompt for sensitive access before clear user intent or contextual explanation. While not an exploit by itself, this is a privacy-antipattern that can normalize over-collection of permissions, reduce informed consent, and lead to unnecessary access to the camera.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase 'Use this skill for ANY 3D graphics, games, GPU compute, or Three.js features' is overly broad and likely to match many requests beyond Expo native UI concerns. In an agent workflow, broad routing criteria can cause the wrong skill to activate, leading to inappropriate recommendations, dependency changes, and native build steps in contexts where they are unsafe or unnecessary.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal