Prospector

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed lead-prospecting tool that searches public websites, extracts emails, caches them locally, and can export them, with privacy and data-quality cautions but no artifact-backed malicious behavior.

Install only if you are comfortable with a tool that scrapes public websites and WHOIS records, stores discovered company/email data locally, and can export it in bulk. Review results before use, purge or protect the cache and exported files, avoid untrusted proxy settings, and ensure any outreach complies with applicable privacy and anti-spam rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Tainted flow: 'PROXIES' from os.environ.get (line 52, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
emails = set()

try:
    response = requests.get(
        url,
        headers=get_random_headers(),
        timeout=10,
Confidence
96% confidence
Finding
response = requests.get( url, headers=get_random_headers(), timeout=10, verify=False, allow_redirects=True, proxies=PROX

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises and documents capabilities that read environment variables, perform network access, and read/write local files, but it declares no permissions. That mismatch weakens trust boundaries and can cause the skill to operate with more effective access than users or the platform expect, especially given its caching/export behavior and proxy env usage.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
The documented behavior goes beyond the declared purpose by including stronger email verification semantics and search-engine availability testing that are not clearly disclosed in the top-level description. Undisclosed capabilities matter in security review because they expand network probing and data-processing scope beyond what a user would reasonably infer.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The cached value at line 23 contains a long URL-encoded sentence with phone numbers and other text, not a valid email address, despite the skill claiming email-format validation. In a lead-generation skill that extracts and reuses contact data, this can corrupt downstream processing, poison CSV/JSON exports, and cause accidental disclosure or misuse of unrelated contact information.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill manifest says this component is only for simple querying, but the code also provides full export-to-file functionality for the collected customer dataset, including emails. That capability expansion increases data exfiltration risk because a caller can persist and redistribute the entire lead database rather than merely view filtered results interactively.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The file-level description states the script only queries collected customer data, but the CLI also writes bulk customer data and emails to JSON/CSV files. This mismatch is security-relevant because downstream agents or users may trust the narrower description and invoke the tool without realizing it can create local copies of sensitive contact data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that company and email contact data are cached locally and that some caches are permanent, but it does not provide a prominent warning about privacy, retention, lawful basis, or the operational risk of building a persistent contact database. In a lead-generation skill whose core purpose is collecting and storing contact details, this omission increases the chance of unintended retention, misuse, or non-compliant handling of personal/business contact information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises export of collected customer/contact data to JSON and CSV without clearly warning that exported files may contain sensitive contact information and can be copied, shared, or left unprotected outside the tool's cache controls. Because this skill is designed for prospecting and aggregating contact emails, export materially increases the risk of data leakage and downstream misuse if users are not warned about secure handling.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger conditions are broad enough to auto-activate on common requests about finding companies or contacts, which increases the chance the agent invokes scraping, WHOIS lookup, caching, and export without sufficiently specific user intent. In this context, over-broad invocation is risky because the skill handles third-party contact collection and persistence, not just lightweight search.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill collects, caches, queries, and exports contact information, including email addresses from websites and WHOIS records, but the documentation does not clearly warn users about privacy, retention, or lawful-use implications. Because the skill builds a persistent local contact database and supports export, misuse could facilitate large-scale lead harvesting or improper handling of personal data.

Vague Triggers

Low
Confidence
88% confidence
Finding
The same entry is ambiguous because it mixes descriptive text, phone numbers, and an email-like suffix inside an email list field. In this skill's context, where cached data may be queried or exported as structured prospect information, ambiguous entries can confuse interpretation, break automation, and increase the chance of bad data being treated as trusted contact intelligence.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The module persists scraped company data and email addresses to local JSON cache files in cleartext without any access control, minimization, consent, or retention safeguards beyond search-cache expiry. In the context of a lead-generation skill that intentionally collects contact information, this increases privacy and compliance risk because sensitive business contact data can be retained and exported unexpectedly by other local users, processes, or backups.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The export path writes collected customer emails and related company data directly to disk in JSON or CSV form without any warning, consent checkpoint, minimization, or access control. In this skill context, the dataset is specifically a prospect/customer contact database, so silent bulk export materially increases privacy, compliance, and unauthorized redistribution risks.

VirusTotal

66/66 vendors flagged this skill as clean.
