语构 App Builder

Security checks across malware telemetry and agentic risk

Overview

This is a real remote app-builder integration, but it routes broad website/app requests to a third-party service and tells agents to publish apps publicly without a clear user confirmation step.

Install only if you intentionally want a third-party Yugoo/Creo4u service to receive your app prompts and selected files, manage remote project state, and deploy apps. Use a revocable least-privilege API key, avoid uploading secrets or private business data, do not use --insecure with real credentials, and give the agent an explicit rule that publishing requires your approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium (82% confidence)
Finding
The document labels the same preview-style URL as both a development URL and a public production URL, which can cause agents to share or expose an app under the wrong assumptions. In practice, this may lead to accidental disclosure of in-progress applications or confusion about whether a deployment is public and safe to share.

Vague Triggers

Medium (80% confidence)
Finding
The routing triggers are broad enough to capture generic website and web-app requests even when a user did not ask to use the Yugoo platform. That can redirect user prompts into a third-party remote service, potentially causing unintended data transfer, account actions, or public deployment in contexts where the user expected local-only help.

Missing User Warnings

High (95% confidence)
Finding
The skill instructs agents to always publish after development and to share the resulting URL, without requiring explicit user approval that the application should become publicly accessible. This can expose unfinished code, embedded secrets, private business logic, copyrighted materials, or user-provided data to the public internet.

Missing User Warnings

Medium (95% confidence)
Finding
The CLI exposes an --insecure flag that disables TLS certificate verification and then propagates that setting to all requests. In an agent or automation context, this can enable man-in-the-middle interception of API tokens and traffic, especially because the tool handles authenticated conversation, publishing, and file-management operations against a remote platform.

VirusTotal

65/65 vendors flagged this skill as clean.