collage-application

Security checks across malware telemetry and agentic risk

Overview

The skill matches its college-application purpose, but it may ask users to expose an unnecessary API key and sends exam details to an external UAT service without clear disclosure.

Review before installing. Do not paste any long-lived API key into chat for this skill, and only use it if you are comfortable sending exam score, rank, subject choices, province, and major preferences to the randomlife.cn UAT endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly tells the agent to ask the user to paste an API key into chat if an environment variable is unavailable. Requesting secrets in conversational text is dangerous because chat content may be logged, retained, exposed to other tools, or mishandled by downstream components, leading to credential compromise and unauthorized API usage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The function sends user-supplied province, score, rank, course selection, and intended majors to an external remote service without any visible consent flow, privacy notice, or minimization of transmitted data. Because this is educational and potentially personally identifying/behavioral data, the main risk is unintended data disclosure to a third party, especially since the endpoint is a UAT environment, which may have weaker data-handling controls than production.

Ssd 3

Medium
Confidence: 98%
Finding
Instructing the agent to have the user provide an API key directly in chat creates a clear secret-handling vulnerability. Because the skill also supports passing that key as a command-line argument, the secret may additionally leak through process listings, logs, error traces, shell history, or telemetry, compounding exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.