三省六部

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but its default setup can expose a sensitive dashboard and alter the user’s Python environment without enough control.

Review before installing. Use a virtual environment, avoid --break-system-packages, inspect the external edict implementation that will actually run, bind the dashboard to localhost unless remote access is intentional, add strong authentication before exposure, and reduce audit retention or redact logs if sensitive data may be processed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Medium, 86% confidence)

Finding
The documented workflow enables audit logging with operational details and later sections show logging of personal data access context, but there is no prominent privacy disclosure, data minimization guidance, or warning that logs may contain sensitive information. In a multi-agent governance system, audit trails can accumulate actor IDs, user identifiers, IPs, timestamps, and regulated data access events, increasing privacy and compliance risk if mishandled.

Missing User Warnings (Medium, 93% confidence)

Finding
The dashboard is configured to bind to `0.0.0.0` and includes panels for audit and security-related data, which makes the interface potentially reachable from any network interface. Without strong warnings and secure-by-default guidance, operators may unintentionally expose sensitive monitoring and audit data to unauthorized users, especially if OAuth is misconfigured or the service is deployed on a public host.

Missing User Warnings (Medium, 96% confidence)

Finding
The script silently installs Python packages with pip when a dependency check fails, without prompting the user, pinning versions, or ensuring a controlled virtual environment. In a high-privilege orchestration skill, this expands the attack surface by allowing unexpected network access and unreviewed package changes at startup, which can lead to supply-chain compromise or environment drift.

VirusTotal

64/64 vendors flagged this skill as clean.