Clarity AI

Security checks across malware telemetry and agentic risk

Overview

The core skill is a local intent parser, but its README recommends an unreviewed remote shell installer and the code quietly sends prompts to a local Ollama service when available.

Prefer the normal ClawHub install path and do not run the README's remote `curl | bash` installer unless you inspect that script first. Avoid sending secrets or proprietary code through this skill if Ollama is running locally, and stop the Ollama service when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (97% confidence)

Finding: The code sends the full user prompt to a local Ollama HTTP service even though the returned model output is discarded and does not affect parsing. This creates unnecessary data exposure and violates the stated privacy-first/structured-parser behavior, which can mislead users into sharing sensitive content under false assumptions.

Vague Triggers

Medium (84% confidence)

Finding: The activation phrases are common natural-language expressions that can easily appear in ordinary conversation, causing accidental skill activation or prompt-routing without clear user intent. In an agent environment, ambiguous triggers can let unrelated content be reinterpreted by the skill, increasing the chance of unintended behavior or prompt injection through normal dialogue.

Vague Triggers

Medium (80% confidence)

Finding: Telling users to 'describe your problem naturally' without a strong invocation boundary makes it unclear when the skill should engage, which increases the risk of over-triggering and unintended transformation of user input. In a chaining or agentic system, this ambiguity can propagate downstream and influence later tools or models in ways the user did not request.

Missing User Warnings

Medium (98% confidence)

Finding: User input is forwarded to the Ollama API without any warning, consent, or visible indication in the interface. In a skill advertised as privacy-first, undisclosed prompt forwarding can expose secrets, credentials, proprietary code, or personal data to another service/process, even if it is local.

VirusTotal

62/62 vendors flagged this skill as clean.