Deep Research Pro v2.2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent research skill that downloads and parses PDFs for source-backed reports, with expected network and file use but no evidence of deception, credential access, exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with a research helper that runs local scripts, downloads PDFs from supplied research URLs, and writes source cards and reports. Use trusted public PDF URLs, avoid localhost/private/internal URLs and very large files, keep card IDs simple such as card-001, and update any report data cutoff date to match the actual sources used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The script downloads and processes an arbitrary user-supplied URL with only a superficial 'http' prefix check. In an agent or automation context, this creates an SSRF-style outbound request primitive that can be abused to reach internal services, fetch attacker-controlled content, or trigger parsing of malicious PDFs, which meaningfully expands the skill's attack surface.

Intent-Code Divergence

Medium (95% confidence)
Finding
The template hard-codes a specific data cutoff date while presenting itself as a reusable research-report template. This can cause generated reports to falsely claim recency or imply use of up-to-date public data even when the actual sources are older, missing, or inconsistent, which undermines transparency and can mislead downstream decisions.

Natural-Language Policy Violations

Medium (93% confidence)
Finding
The skill metadata and description are written in Chinese and frame the workflow in a way that effectively assumes Chinese output, without any indication that language should follow the user's preference. This can override user intent, reduce usability for non-Chinese users, and cause downstream misunderstandings in research outputs or confirmations.

Missing User Warnings

Medium (96% confidence)
Finding
The code performs external retrieval from a user-provided URL without meaningful validation, safety messaging, or controls around destination, size, and content. This is dangerous because it allows untrusted remote data ingestion and subsequent PDF parsing, which can be leveraged for internal network probing, resource exhaustion, or exploitation of parser bugs through crafted files.

VirusTotal

65/65 vendors flagged this skill as clean.