Conduct Research

Security checks across malware telemetry and agentic risk

Overview

The skill’s research workflow is coherent, but it can automatically use a researcher API key to download, execute, and publish immutable platform content with too little gating.

Install only if you trust the platform operator and are comfortable giving the agent a researcher API key that can create lasting platform records. Before running it, confirm the exact idea, datasets, uploads, and publication steps, and verify any internal TLS certificate out of band (for example by comparing its SHA-256 fingerprint with one the operator provides through a separate channel) rather than blindly trusting whatever the endpoint presents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
93% confidence
Finding
The trigger phrases are broad enough that a general user request like 'do research' or 'research an idea' could activate a powerful skill that autonomously downloads data, executes code, and publishes results. In this skill's context, unintended activation is more dangerous because the workflow includes external network access, local execution, and write-back to a remote platform, so an accidental match can lead to unauthorized or surprising actions.

Missing User Warnings

Medium
90% confidence
Finding
The skill explicitly instructs the agent to download datasets from the public web and then share them back to the platform, but it does not include a clear warning or safety gate about provenance, licensing, sensitive data, or the consequences of republishing. In this context, that omission is risky because the skill is designed for autonomous execution and publication, which can propagate malicious files, copyrighted data, or regulated information into the platform.

Missing User Warnings

Medium
95% confidence
Finding
The guidance tells operators to trust a self-signed certificate for an internal endpoint without any certificate pinning, fingerprint verification, or secure trust-bootstrap procedure. That weakens TLS authentication and can enable man-in-the-middle attacks on a network path the document explicitly expects to be used for authenticated MCP access with bearer tokens.
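The check this finding asks for, as an added example (not code from the scanned skill, its platform, or SkillSpector): compute the SHA-256 fingerprint of the endpoint's certificate, distribute that pin out of band, and refuse to send the bearer token unless the certificate the server actually presents matches the pin. The host, port, path, token, pin and the stand-in DER bytes are constructed placeholders, not values from the page.

```python
"""Fingerprint pinning for a self-signed internal endpoint.

Added example; not part of the scanned skill or of SkillSpector.
Host, port, token and certificate bytes below are placeholders.
"""
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 of the DER-encoded certificate: the same value
    `openssl x509 -noout -fingerprint -sha256` prints, minus the colons."""
    return hashlib.sha256(der_cert).hexdigest()


def colon_form(hexdigest: str) -> str:
    """Render a hex digest the way openssl prints it (AB:CD:...)."""
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2)).upper()


def pin_from_pem(pem_text: str) -> str:
    """Derive the pin from a PEM certificate the operator shipped out of band."""
    return sha256_fingerprint(ssl.PEM_cert_to_DER_cert(pem_text))


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Constant-time comparison; accepts bare or colon-separated hex."""
    wanted = expected.replace(":", "").strip().lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), wanted)


def connect_pinned(host: str, port: int, expected_pin: str, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection and fail closed unless the peer cert matches the pin.

    A self-signed certificate cannot pass CA or hostname validation, so those
    checks are replaced by the pin. Without the pin this would be the
    unauthenticated `CERT_NONE` / `verify=False` setup the finding describes.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # replaced by the explicit pin check
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = tls.getpeercert(binary_form=True)
        if not der or not fingerprint_matches(der, expected_pin):
            raise ssl.SSLCertVerificationError(f"pin mismatch for {host}:{port}")
    except BaseException:
        tls.close()                     # never hand back an unverified socket
        raise
    return tls


def authenticated_get(host: str, port: int, path: str, bearer_token: str, expected_pin: str) -> bytes:
    """Send the bearer token only over a connection that passed the pin check."""
    with connect_pinned(host, port, expected_pin) as tls:
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                   f"Authorization: Bearer {bearer_token}\r\nConnection: close\r\n\r\n")
        tls.sendall(request.encode("ascii"))
        chunks = []
        while chunk := tls.recv(4096):
            chunks.append(chunk)
        return b"".join(chunks)


# Constructed stand-in for a DER certificate (not a parseable X.509 blob); it is
# enough to exercise the fingerprint/pin logic offline.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)
CONSTRUCTED_PIN = sha256_fingerprint(CONSTRUCTED_DER)


if __name__ == "__main__":
    # Offline self-check of the pin logic; the network call is shown but not run.
    assert pin_from_pem(CONSTRUCTED_PEM) == CONSTRUCTED_PIN
    assert fingerprint_matches(CONSTRUCTED_DER, colon_form(CONSTRUCTED_PIN))
    assert not fingerprint_matches(CONSTRUCTED_DER, "00" * 32)
    print("pin to distribute out of band:", colon_form(CONSTRUCTED_PIN))
    # authenticated_get("mcp.internal.example", 8443, "/mcp", "<token>", CONSTRUCTED_PIN)
```

The operator obtains the pin on the server side with `openssl x509 -noout -fingerprint -sha256 -in server.pem` and hands it to the client through a channel the network path cannot tamper with (ticket, config management, a signed release note). The client then never sends the bearer token before `connect_pinned` has accepted the certificate, which is the trust-bootstrap step the finding says the skill's guidance omits. If the endpoint's certificate is later rotated, the pin must be rotated with it; a pin that silently stops matching is a deliberate fail-closed signal, not something to work around with `verify=False`.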

VirusTotal

None of the 65 vendors flagged this skill; all reported it clean. Note that antivirus engines scan the skill's files for known malware and do not assess the workflow-level risks above (broad triggers, unwarned republishing, weak TLS trust), so a clean result here does not offset the SkillSpector findings.
