claw_poster

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent poster-generation helper that uses a disclosed external MCP service, with privacy cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending design prompts and any brand, account, date, or campaign details to the listed visual-rag MCP service on an ngrok domain. Avoid confidential, regulated, or unreleased business information unless you trust the service operator and its data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to send user-provided design content to an external MCP endpoint, including potentially identifying details such as account names, brand names, dates, and campaign text, without requiring a user-facing disclosure or consent step. This creates a real data exposure risk because users may reasonably assume their content remains within the assistant unless told otherwise, and the endpoint is a third-party ngrok-hosted service, which increases uncertainty around data handling and trust boundaries.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill is triggered by very broad, everyday design requests such as making posters, notices, or social-media covers, but it does not define clear activation boundaries or disambiguation rules. This can cause the agent to invoke the skill in situations where the user did not explicitly want external image generation, leading to unintended data sharing with the remote MCP service and overbroad tool use.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill hardcodes an external ngrok-hosted MCP endpoint and instructs the agent to send user design requests to it, but gives no warning that user content may be transmitted to a third-party network service. This creates a real data exposure risk, especially because user prompts may contain brand names, campaign details, schedules, or other sensitive business information, and the transient ngrok domain further increases trust and provenance concerns.

VirusTotal

65/65 vendors flagged this skill as clean.