Davos

Security checks across malware telemetry and agentic risk

Overview

This poster-making skill is coherent and low risk, though users should keep its temporary files and local web server narrowly scoped.

Reasonable to install for HTML poster creation. When using it, prefer a dedicated temporary folder instead of ~/Desktop, avoid overwriting existing files, bind the server to 127.0.0.1, stop it immediately after screenshotting, and review any generated poster before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low, 91% confidence
Finding
The skill directs the agent to create files on `~/Desktop/` and optionally delete them later, but does not clearly warn the user that it will modify the filesystem. Even though the changes are limited and related to the task, undocumented file creation/deletion can surprise users and may overwrite or remove user data if filenames collide.

Missing User Warnings

Low, 89% confidence
Finding
Starting a local HTTP server exposes the chosen directory over HTTP, and the skill does not clearly warn the user that Desktop contents may become reachable from the local machine or, depending on bind/network configuration, other devices on the network. The context is benign, but lack of disclosure increases risk of unintended local file exposure.

Missing User Warnings

Low, 93% confidence
Finding
Using `pkill -f "python3 -m http.server 9999"` can terminate any matching process, not just the one started by this skill, and the skill provides no warning about that behavior. While the impact is usually limited to local disruption, it can stop unrelated services if their command line matches.

VirusTotal

65/65 vendors flagged this skill as clean.
