openclaw venture capitalist

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate cloud investment-analysis skill, but it needs Review because it sends sensitive business data to a remote service while its privacy-policy and support claims are unfinished and the API endpoint can be overridden through an environment variable.

Install only if you are comfortable sending company names, financial figures, market questions, and risk inputs to ZhenCap. Verify the vendor, privacy policy, terms, and support/security contacts before using confidential deal data or a paid API key, and ensure ZHENCAP_API_URL is unset or points only to a trusted endpoint.
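One way to enforce the last point before the skill runs, as an added example that is not part of the skill's or ZhenCap's own code: a pre-flight check that accepts ZHENCAP_API_URL only if it is unset or is an HTTPS URL whose host is exactly on an allowlist. The allowlisted host `api.zhencap.example` is an assumption, since the page does not state the vendor's real endpoint; substitute the host the vendor documents.

```python
"""Pre-flight check for the ZHENCAP_API_URL override (added example, not the
skill's own code). The allowlisted host below is an assumption."""
import os
from urllib.parse import urlsplit

# Assumed trusted endpoint(s); replace with the vendor-documented host name.
TRUSTED_HOSTS = frozenset({"api.zhencap.example"})


def validate_api_url(value, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reason).

    An unset or empty value is accepted: the skill then uses its built-in
    default. Any other value must be an https URL whose host is exactly in
    the allowlist, with no userinfo (user@host tricks) and no non-standard
    port. Subdomain lookalikes and path-based lookalikes are rejected because
    only the parsed hostname is compared.
    """
    if value is None or value.strip() == "":
        return True, "unset; the skill's built-in default endpoint is used"
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        return False, f"scheme must be https, got {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in the URL is not allowed"
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, f"non-standard port {port} is not allowed"
    host = parts.hostname or ""  # urlsplit already lower-cases the hostname
    if host not in trusted_hosts:
        return False, f"host {host!r} is not in the allowlist"
    return True, f"trusted endpoint {host}"


def check_environment(environ=None):
    """Validate ZHENCAP_API_URL from the given mapping (default: os.environ)."""
    if environ is None:
        environ = os.environ
    return validate_api_url(environ.get("ZHENCAP_API_URL"))


if __name__ == "__main__":
    ok, reason = check_environment()
    print(("OK: " if ok else "REFUSING TO RUN: ") + reason)
    raise SystemExit(0 if ok else 1)
```

Run this before invoking the skill; a non-zero exit means the override points somewhere other than the vendor endpoint. The check is deliberately strict (exact host match, HTTPS only) because the finding is that an attacker-controlled environment could redirect company names, financials and risk inputs to a different server.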

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The submission package presents privacy/terms links and support contacts as available evidence of compliance, but elsewhere states those pages and email channels still need to be created. This contradiction can mislead reviewers and users about the existence of privacy, legal, and incident-reporting mechanisms, undermining informed consent and trust in a skill that sends user data to a remote API.

Intent-Code Divergence

Severity: Low
Confidence: 93%
Finding
The checklist claims there are 'No contradictory claims' even though the same file contains explicit inconsistencies about whether privacy/terms resources and privacy/security contacts already exist. While not a direct code-execution issue, this is a trust and security-governance problem because it can cause reviewers to incorrectly conclude that disclosure and support controls are in place.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The file makes concrete privacy and data-handling representations, including retention periods, user rights, and contact channels, while later admitting that the linked policy pages and contact emails may not yet exist. In the context of a skill that transmits user-provided business data to an external service, overstated privacy readiness is dangerous because users may rely on rights, disclosures, or reporting paths that are unavailable in practice.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The report embeds and displays a plaintext API key value in example commands and output, which normalizes unsafe secret handling and risks accidental reuse of real credentials in logs, screenshots, or copied documentation. Even though the shown value appears to be a test key, documentation of this kind leads developers to expose actual secrets the same way, and markdown reports are often broadly shared or committed to version control. Use an obvious placeholder such as an environment-variable reference instead of a literal key.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The manifest defines multiple POST-based tools that send potentially sensitive business and company information to a third-party remote API, while explicitly stating that no authentication is required and providing no visible privacy notice, consent language, or data-handling disclosure. In a finance/investment context, uploaded company, valuation, competitor, and risk data may be commercially sensitive, so silent transmission can cause confidentiality, compliance, and user-trust issues even if the service is otherwise legitimate.

VirusTotal

65/65 vendors reported this skill as clean (no detections). A clean antivirus result does not address the findings above, which concern where the skill sends user data by design rather than the presence of malicious code.