Cookiy

Security checks across malware telemetry and agentic risk

Overview

Cookiy is a coherent user-research integration, but it needs review because it tells agents to automatically install or repair an external MCP server and change local configuration without explicit consent.

Install only if you trust Cookiy and the `cookiy-mcp` npm package. Before using it, verify the MCP config changes, complete OAuth deliberately, avoid uploading confidential screenshots unless intended, and require explicit confirmation before paid actions, checkout links, recruitment launch, or sharing report links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The activation criteria are broad enough that the skill may trigger on generic user-research or adjacent conversations and begin setup behavior without a narrowly scoped user request. In this skill, that matters because activation can lead into MCP health checks and potential installation/repair logic, increasing the chance of unexpected configuration changes or OAuth prompts.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill explicitly instructs the agent not to ask the user before installing or repairing MCP, and the installer may replace local client configuration. This creates an unsafe autonomy boundary: a normal conversation about research could cause unannounced local environment changes, server reconfiguration, or OAuth initiation.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill tells users to paste a final callback URL or authorization code back into the terminal without warning that these artifacts are sensitive credentials or may contain secrets. Mishandling them can expose OAuth codes, session parameters, or account access to logs, transcripts, or other observers.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger is broad enough that an agent could activate this workflow for loosely related requests about testing guides or AI personas without strong user confirmation. In a skill that can launch interview-generation jobs and potentially incur costs, ambiguous activation boundaries increase the risk of unintended tool use, privacy exposure in study context, and accidental paid operations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The workflow tells the agent to display payment details and a checkout URL after a 402 response, but it does not require a clear warning that continuing may incur charges or require explicit user confirmation before proceeding toward payment. In this context, that creates a meaningful risk of dark-pattern-like steering or accidental billing escalation, especially if the agent is operating quickly across a multi-step workflow.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrase is overly broad and can cause this workflow to activate for generic research-related requests, leading the agent to initiate study-creation actions when the user may not have intended to use this external service. In this skill's context, that increases the chance of premature data collection, external transmission of user content, and unintended paid operations or workflow escalation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The workflow instructs the agent to upload images and submit study content to Cookiy-managed infrastructure without an explicit user-facing warning that screenshots, mockups, and research goals are being transmitted to external services. Because these materials may contain sensitive product, customer, or personal information, the omission can cause unknowing disclosure of confidential data, especially when combined with the broad trigger behavior.

VirusTotal

63/63 vendors flagged this skill as clean.