Adaptyv

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using Adaptyv's authenticated lab API; it includes sensitive and billable workflows, but those fit the stated purpose and are not hidden.

Install only if you intend to work with Adaptyv's Foundry API. Keep API keys scoped and out of source control, and review costs before submitting experiments. Do not use auto_accept_quote or quote confirmation unless you explicitly want to create a billable invoice, and only configure webhook URLs you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description contains very broad trigger phrases such as general mentions of protein assays, screening experiments, and related imports/domains, which can cause the skill to activate in contexts that are only loosely related to Adaptyv. In an agent setting, overbroad activation increases the chance the model will introduce external-action guidance or API usage patterns where the user did not clearly intend to use this service, potentially leading to unintended data sharing or operational suggestions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation explicitly shows an automated pipeline that sets `skip_draft=True`, `auto_accept_quote=True`, and sends status updates to a `webhook_url`, but it does not prominently warn that this can commit billable work and transmit experiment metadata to an external endpoint. In an agent workflow, that omission is dangerous because it normalizes a pattern that could trigger irreversible external actions, financial commitment, and outbound data disclosure without an explicit user confirmation step.

VirusTotal

63/63 vendors flagged this skill as clean.