ApiTest

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can automatically send a local API token in a localhost request that is triggered too broadly, without enough user control or warning.

Install only if you control the service on localhost:8080 and understand that the agent may automatically send API_TEST_KEY to it. Prefer disabling auto invocation or narrowing triggers so the request runs only when you explicitly ask for this exact endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README explicitly instructs sending a bearer token from an environment variable to `http://localhost:8080/gettool` over plain HTTP, but does not warn that any local process bound to that port could receive and misuse the credential. Although the endpoint is local, localhost is not inherently trusted in a hostile or multi-process environment, so this can expose secrets to a malicious local service or to logs/debug tooling.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger patterns are broad enough to match generic requests about calling APIs, requesting localhost, or getting tools, which can cause unintended auto-invocation. Because the skill is configured with auto_invoke: true and accesses a localhost service using a bearer token from an environment variable, accidental activation could cause unauthorized local network access or disclosure of sensitive tool data in contexts where the user did not explicitly request this specific action.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The markdown trigger description says the skill should auto-trigger for broad categories like 'other local server tool retrieval requests,' without defining boundaries or exclusions. In context, this increases the chance that the agent invokes a privileged localhost request with stored credentials when the user's intent is ambiguous, making the skill more dangerous than a normal ambiguous description because it bridges to local services.

VirusTotal

66/66 vendors flagged this skill as clean.