full-flow-testing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed API-testing assistant that creates local workspaces, runs user-confirmed tests, and writes reports, but users should handle credentials and shared knowledge-base updates carefully.

Install only if you are comfortable with the skill creating local workspaces and maintaining a shared API knowledge base. Use dedicated test accounts and non-production tokens, set workspace paths to controlled locations, review generated reports before sharing, and avoid confirming global KB updates that contain secrets, raw tokens, customer data, or sensitive internal payloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger phrase "testing assistant" is generic enough to appear in ordinary conversation, which can cause unintended skill activation. In a testing-focused skill, accidental invocation could lead to unsolicited workspace creation, collection of usernames or employee IDs, and initiation of testing flows the user did not explicitly intend.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly allows any user to propose confirmed business information for insertion into a company-wide global knowledge base that is queryable by all users, but it does not require sensitivity review, redaction, or data classification before publication. In an API testing context, user-supplied docs and discovered behavior often contain internal endpoints, sample payloads, identifiers, and business rules, so this creates a realistic risk of cross-user data leakage.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill directs the agent to save detailed test reports containing request/response details into user workspaces, but it provides no safeguards for masking secrets or sensitive fields before persistence. API test traffic commonly includes tokens, session identifiers, PII, and internal data, so retaining raw artifacts can expose sensitive information to anyone with filesystem or backup access.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
Security Audit mode instructs the use of provided accounts to obtain tokens and perform authorization tests, yet it does not define any secure credential handling, masking, storage restrictions, or prohibition on logging secrets. Because this mode specifically processes live auth material and privileged test identities, accidental disclosure in prompts, session files, temp files, or reports is especially likely and can directly enable account compromise.

Ssd 3

Severity: Medium
Confidence: 90%
Finding
The skill mandates collecting, storing, and prominently displaying user identifiers and linking them to workspace paths and session artifacts in ordinary text flows. This increases unnecessary exposure of identity data and can make shoulder-surfing, transcript leakage, or accidental disclosure of user-linked testing artifacts more likely.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The global KB design intentionally propagates user-provided API documentation, business flows, and optionally shared reports to all users, but it lacks a required sanitization and approval workflow for shared artifacts. In this context, shared API knowledge can easily include confidential implementation details, customer data, or sensitive operational findings, making the cross-user exposure materially dangerous.
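The three findings above (unmasked request/response artifacts, unprotected credentials in Security Audit mode, and unsanitized global KB updates) all come down to the same missing control: a redaction and review step between "captured" and "persisted or shared". The Python below is an added example of that step; it is not code from the skill or from SkillSpector. The key names, regex shapes, sample traffic, log line and KB entries are all constructed assumptions, so a real deployment would tune the lists to its own token formats and identifier schemes.

```python
import json
import re
from typing import Any

# Header/field names whose values are masked wholesale when they appear as dict keys
# in a captured request or response. Constructed list; extend for your own APIs.
SENSITIVE_KEYS = {
    "authorization", "cookie", "set-cookie", "x-api-key", "api_key",
    "access_token", "refresh_token", "session_id", "password", "secret",
}

# (label, pattern, replacement) for secrets and PII embedded in free text such as raw
# bodies, log lines or notes. Value classes exclude '[' so text that already carries a
# [REDACTED...] placeholder is not flagged a second time. Constructed, illustrative shapes.
SECRET_PATTERNS = [
    ("auth_header",
     re.compile(r"(?i)\b(authorization\s*[:=]\s*(?:bearer|basic)\s+)[^\s;,\[]+"),
     r"\g<1>[REDACTED]"),
    ("cookie",
     re.compile(r"(?i)\b((?:set-)?cookie\s*[:=]\s*[^;\s=]+=)[^;\s\[]+"),
     r"\g<1>[REDACTED]"),
    ("credential_field",
     re.compile(r'(?i)("?(?:api[_-]?key|access[_-]?token|refresh[_-]?token|'
                r'session[_-]?id|password|secret)"?\s*[:=]\s*"?)[^",\s&\[]+'),
     r"\g<1>[REDACTED]"),
    ("jwt",
     re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}\b"),
     "[REDACTED_JWT]"),
    ("email",
     re.compile(r"\b[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}\b"),
     "[REDACTED_EMAIL]"),
]


def find_sensitive(text: str) -> list[str]:
    """Labels of every secret/PII pattern present in text, in SECRET_PATTERNS order."""
    return [label for label, pat, _ in SECRET_PATTERNS if pat.search(text)]


def redact(text: str) -> str:
    """Mask every known secret/PII shape in a free-text string."""
    for _, pat, repl in SECRET_PATTERNS:
        text = pat.sub(repl, text)
    return text


def redact_report(obj: Any) -> Any:
    """Recursively mask a captured request/response structure before it is written to a workspace."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if isinstance(k, str) and k.lower() in SENSITIVE_KEYS
                else redact_report(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_report(v) for v in obj]
    if isinstance(obj, str):
        return redact(obj)
    return obj


def audit_report(obj: Any, path: str = "$") -> list[str]:
    """Walk a structure and list where secrets/PII remain; an empty list means safe to persist."""
    issues: list[str] = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            sub = f"{path}.{k}"
            if isinstance(k, str) and k.lower() in SENSITIVE_KEYS and v != "[REDACTED]":
                issues.append(f"{sub}: sensitive key")
            else:
                issues.extend(audit_report(v, sub))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            issues.extend(audit_report(v, f"{path}[{i}]"))
    elif isinstance(obj, str):
        issues.extend(f"{path}: {label}" for label in find_sensitive(obj))
    return issues


def review_kb_entry(entry: str) -> tuple[bool, list[str]]:
    """Gate for global KB updates: refuse any entry that still carries secrets or PII."""
    hits = find_sensitive(entry)
    return (not hits, hits)


# Constructed sample traffic, log line and KB entries (not real data).
SAMPLE_REPORT = {
    "request": {
        "method": "POST",
        "url": "https://api.example.test/v1/orders",
        "headers": {"Authorization": "Bearer tok_live_0123456789abcdef",
                    "Cookie": "session=9f3c2a1b; theme=dark"},
        "body": '{"customer_email": "alice@example.test", "api_key": "ak_test_998877"}',
    },
    "response": {
        "status": 200,
        "body": '{"order_id": 4711, "access_token": "eyJhbGciOiJIUzI1NiJ9.'
                'eyJzdWIiOiIxMjM0NTY3ODkwIn0.sflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}',
    },
}
LOG_LINE = ("issued eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0."
            "sflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c to user 42")
KB_ENTRY_BAD = ("POST /v1/orders requires header Authorization: Bearer tok_live_0123456789abcdef; "
                "contact alice@example.test for test accounts")
KB_ENTRY_GOOD = ("POST /v1/orders requires a Bearer token obtained from /v1/login; the API returns "
                 "403 when the caller lacks the orders:write scope.")

if __name__ == "__main__":
    print(json.dumps(redact_report(SAMPLE_REPORT), indent=2))
    for entry in (KB_ENTRY_BAD, KB_ENTRY_GOOD):
        ok, hits = review_kb_entry(entry)
        print("ALLOW" if ok else f"BLOCK ({', '.join(hits)})", "->", entry[:50])
```

In the skill's flow, redact_report and audit_report would run immediately before a report is written to the workspace, and review_kb_entry before a proposed KB update is shown for confirmation, so the confirmation prompt never contains a raw token. Key-based masking covers structured headers and fields, where the value alone gives no hint of its sensitivity; the regexes cover raw bodies, transcripts and log lines. A clean audit is necessary, not sufficient: the pattern list only knows the shapes it was given, so customer data that is not an e-mail address, or a token format the list has never seen, still needs the human review the overview asks for.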

VirusTotal

66/66 vendors flagged this skill as clean.
