Ai Search Rank Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill should be reviewed because it appears to simulate named AI services while presenting results as ChatGPT, Claude, Gemini, and Perplexity visibility data.

Install only if you are comfortable treating the outputs as simulated or estimated AI visibility, not verified results from each named service. Avoid entering confidential prompts or sensitive competitive plans unless you trust the configured AI provider and routing. Review generated reports for raw errors before sharing them externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to track recommendations from specific engines like ChatGPT, Claude, Gemini, and Perplexity, but the described behavior suggests it may instead simulate those engines using generic OpenAI/Anthropic/OpenRouter-compatible backends. This creates a material integrity problem: users may make business, SEO, or competitive decisions based on mislabeled or fabricated provenance, believing the results reflect real external services when they do not.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The prompt database materially exceeds the stated skill purpose of AI search visibility tracking by including broad SaaS, developer tools, local AI, and OpenClaw ecosystem product-discovery queries. This creates a capability mismatch where the skill can be used to perform general market intelligence, competitor surveillance, and unrelated brand discovery, increasing the risk of unauthorized data collection, deceptive positioning, or policy evasion under a narrower declared use case.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The prompt explicitly instructs the model to imitate another platform and conceal that the output is simulated. In a monitoring/reporting skill, this can mislead downstream users into treating synthetic content as authentic platform output, enabling deceptive reporting, compliance issues, or business decisions based on fabricated provenance.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The CSV records raw provider error strings, including 'Missing ANTHROPIC_API_KEY', which reveals internal configuration state and the specific provider integration in use. While this does not expose the secret itself, it leaks environment and dependency details that can aid fingerprinting, troubleshooting abuse, or targeted follow-on attacks against the deployment.

Vague Triggers

Medium
Confidence
90% confidence
Finding
This prompt set contains broad, natural-language discovery queries that closely resemble ordinary user requests rather than tightly scoped internal triggers. In a skill designed for AI search visibility tracking, such generic phrases can cause accidental or overbroad activation, leading the system to run brand/comparison logic in contexts the user did not clearly intend.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The prompt "best ai software for startups" is extremely generic and indistinguishable from a normal end-user research query. In this skill, that creates a meaningful risk of unintended invocation or prompt capture, where the agent may treat ordinary product research as a request to run this tracking workflow.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The prompt "best ai software for remote teams" is also broad consumer-style language with no clear scoping or exclusions. Because the skill's purpose is specialized monitoring and competitor detection, using such open-ended phrasing increases the chance of activating on unrelated conversations and producing misleading or unnecessary analysis.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The prompt "best ai platform for startup teams" is ambiguous and overlaps heavily with ordinary software evaluation language. In the context of an agent skill, ambiguous triggers are dangerous because they blur the line between general assistant behavior and specialized skill invocation, which can cause unintended data processing or workflow execution.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
User-supplied prompts are transmitted to an external AI provider without any visible consent, warning, redaction, or policy gate in this code path. If users submit confidential brand, customer, legal, or competitive intelligence queries, sensitive data may be disclosed to a third party unexpectedly.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The Anthropic path sends prompt content externally with no evidence of user-facing notice, sensitivity filtering, or minimization. In this skill context, prompts may contain proprietary monitoring targets, campaign plans, or internal evaluation criteria, making silent third-party disclosure risky.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The OpenRouter path forwards prompts to an intermediary service, which can increase data-sharing exposure because requests may traverse an aggregator and potentially additional downstream model providers. Without disclosure or controls, users may unknowingly send sensitive competitive or brand-monitoring queries through a broader third-party chain.

VirusTotal

65/65 vendors flagged this skill as clean.