page-behavior-audit

Security checks across malware telemetry and agentic risk

Overview

This looks like a real page-auditing skill, but it needs review because it disables browser sandboxing, accepts broad URL scans, stores sensitive audit artifacts, sends alerts externally, and includes an unrelated broad shell-permission file.

Install only in a controlled environment. Remove or ignore the bundled .claude/settings.local.json, avoid exposing the scan webhook publicly, restrict scans to approved targets, use a hardened browser/container instead of --no-sandbox where possible, and treat screenshots, HAR files, and WeCom alerts as potentially sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill advertises screenshots and HAR export but does not warn users that these artifacts can capture page contents, session identifiers, personal data, and other sensitive material, then persist them on disk. In an auditing context, this increases the chance of inadvertent local data exposure, especially if the audit directory has weak permissions or is backed up/synced elsewhere.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill states that critical findings are sent to a WeCom webhook but does not clearly warn that audit-derived information leaves the local environment and is transmitted to an external service. This creates a privacy and data-handling risk because findings may include URLs, response characteristics, or other potentially sensitive indicators from audited targets.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: This skill is both runnable in the UI and webhook-triggered, but the manifest does not present clear user-facing constraints about who can invoke it, what URLs may be scanned, or what network actions it will perform. That creates a real security and governance gap because users may unknowingly use it to fetch arbitrary remote pages and collect artifacts, increasing SSRF-style misuse and unintended internal-resource access risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The description says this is a behavioral audit but does not disclose that it saves screenshots and HAR files to disk, both of which can contain sensitive page content, tokens, query strings, and session-related metadata. Users may run it against authenticated or internal pages without understanding that durable local artifacts will be created.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The manifest declares an external WeCom webhook for critical alerts but does not warn users that findings and page-derived data may be transmitted off-platform. Because the report includes the audited URL and serialized alerts, this can leak sensitive internal targets or detected content to a third-party endpoint without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.