psychological-counseling

Security checks across malware telemetry and agentic risk

Overview

This paid counseling skill needs Review because it sends sensitive counseling and payment data to external services with unclear consent, scoping, and dependency controls.

Review carefully before installing. Use it only if you trust the publisher, the payment-verification dependency, and the external services receiving your counseling question, order details, and payment credential. Avoid entering unrelated secrets, passwords, cookies, or API keys, and do not run the documented shell commands with unescaped user text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill authorizes runtime installation and use of another skill, `clawtip-pre-verify`, which expands the trust boundary to unreviewed code during execution. In a payment workflow, this is especially dangerous because a substituted or malicious dependency could exfiltrate payment details, user questions, credentials, or redirect funds.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill sends the user's counseling question, order number, and credential to the remote service before enforcing the manifest-required payment gate in local code. Although the response later exposes `payStatus`, the sensitive request has already been processed and disclosed to the backend, enabling unauthorized use or data exposure before access control is verified.

Vague Triggers

Medium
Confidence: 81%
Finding
The description is broad and lacks clear trigger constraints, making it easier for the skill to activate in situations where the user did not explicitly intend to initiate a paid counseling workflow. In a mental-health context, accidental activation can lead to unintended disclosure of highly sensitive personal information to external systems.

Vague Triggers

Medium
Confidence: 90%
Finding
Allowing direct execution whenever a message contains `<question>`, `<order_no>`, and `<credential>` creates ambiguous invocation semantics and could cause the agent to treat ordinary conversational content as authorization to run the paid workflow. Because the inputs include payment credential material and a sensitive counseling question, mis-triggering could expose private data or enable unauthorized service use.

Missing User Warnings

High
Confidence: 97%
Finding
The skill instructs transmission of the user's psychological question, order information, and payment-related data to external services without a clear user warning or informed-consent step. Given the highly sensitive nature of mental-health disclosures, this omission materially increases privacy, compliance, and trust risks.

VirusTotal

66/66 vendors flagged this skill as clean.
