ask-ai

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill transparently helps an agent consult external AI assistants, but users should avoid sharing sensitive information through it.

Use Ask Mode for normal or sensitive work, review the exact prompt before sending it to an outside AI service, and do not include secrets, credentials, private documents, regulated data, or confidential business information unless you are comfortable sharing it with that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger phrases and activation rules are broad enough that the skill may invoke external AI services in situations the user did not clearly intend, especially with phrases like 'Open AI' or generic requests to consult AI. In this skill's context, unintended activation is more dangerous because activation causes data to be sent to third-party services, potentially exposing user content or system context.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The condition 'agent encounters a difficult problem' is subjective and undefined, allowing the agent to decide on its own when to escalate to an external AI service. Because this skill is specifically designed to open third-party AI assistants, that vagueness can lead to unsanctioned data sharing and unpredictable behavior without a clear user-approved boundary.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The README promotes sending queries to external AI services but does not warn that prompts may contain sensitive user, workspace, credential, or proprietary data. In this skill's context, omission of privacy and data-handling safeguards is especially dangerous because the entire purpose of the skill is to transmit problem context to third-party websites.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: The skill's activation criteria are broad and subjective, such as 'knowledge gaps,' 'deeper explanations,' and 'complex problems,' which can cause the agent to invoke external AI services in many ordinary situations. In practice this increases the chance of unnecessary data disclosure to third-party services and weakens user control over when external systems are consulted.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The skill explicitly allows automatic use of external AI in 'Trust Mode' but provides no warning that prompts, files, or conversation context may be transmitted to third-party providers. This creates a clear privacy and data-governance risk because users may be unaware that sensitive information is being shared outside the primary system.

VirusTotal

65/65 vendors flagged this skill as clean.