ClawHub

Qveris Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it gives the agent a broad auto-invoked gateway to search and execute external APIs without clear per-call consent or data-flow warnings.

Install only if you trust QVeris and are comfortable letting your agent use a QVeris API key to search for and execute external tools. Review each selected tool, destination, parameters, and expected cost before execution, and avoid sending secrets, private business data, personal data, or regulated information unless you have verified the provider and downstream tool handling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly relies on environment access (`QVERIS_API_KEY`) and network access to search for and execute third-party tools, but those capabilities are not explicitly declared. This creates a permission-transparency gap that can mislead reviewers and users about what the skill can access and enables external data exfiltration or unintended API calls without clear consent boundaries.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly says the skill can dynamically search for and execute external tools via the QVeris API, and that Claude Code will automatically use it for certain queries, but it does not warn users that prompts, parameters, and returned data may be sent to third-party services over the network. In an agent-skill context, this can cause unintended data disclosure or unreviewed external actions because users may not realize tool discovery and execution happen outside the local environment.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README advertises very broad automatic activation examples such as stock, analysis, search, weather, and exchange-rate queries, which can cause the skill to activate on many ordinary requests. Because this skill performs dynamic API discovery and execution, overbroad triggering increases the chance of unnecessary external calls and unintended data disclosure to third-party services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the skill can dynamically search and execute tools through the QVeris API but does not warn that user prompts, parameters, or retrieved data may be transmitted to external services. In a skill that brokers access to many third-party APIs, missing disclosure can lead users to unintentionally expose sensitive data or trigger network actions they did not expect.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is marked `auto_invoke: true` and uses broad trigger terms like 'analysis', 'data', and 'stock', which can match many benign conversations outside the intended context. Because the skill then enables dynamic discovery and execution of external tools, accidental invocation could send user context to third-party services or trigger unintended external actions without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation describes searching and executing dynamically discovered external tools but does not warn that user-supplied prompts, parameters, or derived context may be transmitted to third-party APIs. In a skill that brokers access to arbitrary external capabilities, this omission increases privacy and data-handling risk because users and operators may not realize sensitive information could leave the local environment.

External Script Fetching

Low
Category
Supply Chain
Content
**macOS and Linux:**
```bash
curl -LsSf https://astral.sh/uv/install.sh | sh
```

**Windows:**
Confidence
94% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
**macOS and Linux:**
```bash
curl -LsSf https://astral.sh/uv/install.sh | sh
```

**Windows:**
Confidence
97% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal