Chinese LLM Router

Security checks across malware telemetry and agentic risk

Overview

The skill routes chats to user-configured Chinese LLM providers as described, with expected but important privacy and API-key handling risks.

Install only if you are comfortable sending prompts to the configured third-party LLM providers and storing their API keys locally. Use trusted HTTPS endpoints, avoid sensitive or regulated data unless provider policies allow it, restrict access to the config file, and use low-quota or revocable API keys where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%

Finding: The skill explicitly routes user conversations to multiple third-party Chinese LLM providers but does not disclose that prompts, attachments, and possibly metadata will leave the local environment and be transmitted to external services. This creates a real privacy and compliance risk because users may unknowingly send sensitive data to vendors with different retention, logging, and jurisdictional practices.

Missing User Warnings

Medium
Confidence: 95%

Finding: The configuration and setup guidance instructs users to obtain API keys and configure provider endpoints, but it does not warn about secure credential storage, exposure risks, or the fact that configured providers will be contacted over the network. In an agent skill context, omitting credential-handling and outbound-network warnings can lead to accidental key leakage, unsafe file permissions, or use in environments where external connectivity is not permitted.

Missing User Warnings

Medium
Confidence: 94%

Finding: The setup script interactively collects API keys and persists them in plaintext JSON under the user's home directory without warning, masking, permission hardening, or use of an OS credential store. This increases the chance of accidental disclosure through local compromise, backups, logs, shoulder-surfing, or permissive filesystem access.

VirusTotal

66/66 vendors flagged this skill as clean.