EMP

Security checks across malware telemetry and agentic risk

Overview

The skill appears to send user prompts and caller-supplied headers to OpenRouter while being framed as a broad empathy/role-routing helper, which needs careful review before use.

Install only if you are comfortable sending prompts to OpenRouter and any downstream model providers. Do not use it with secrets, regulated data, legal/HR/security incidents, or internal headers unless the skill is updated to disclose the data flow clearly, strip sensitive headers, and require explicit opt-in for sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill declares environment and network capabilities via OPENROUTER_API_KEY and documented OpenRouter usage, but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can transmit prompts and use credentials externally, which increases the risk of unintended data exposure.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The skill is presented as an empathetic role router, but its documented behavior includes authenticated outbound API calls, external model invocation, failover, and forwarding arbitrary extra HTTP headers. This mismatch is dangerous because operators may authorize the skill under a low-risk mental model while it can actually send user content and metadata to third-party services, expanding the attack and privacy surface.

Missing User Warnings

Medium
Confidence: 94%
Finding: The README instructs users to configure an OpenRouter API key and implies remote model usage, but it does not warn that prompts and possibly sensitive task content will be transmitted to an external third-party service. In a skill that routes potentially sensitive business, legal, HR, and security tasks, this omission can cause users to unknowingly disclose confidential data to an external processor.

Natural-Language Policy Violations

Low
Confidence: 80%
Finding: The documentation says every response is wrapped in the NVC/OFNR framework, imposing a communication layer without explicit user opt-in or an obvious way to disable it. While not a classic security flaw, forced framing can alter or obscure technical outputs and may be inappropriate in legal, HR, incident response, or security contexts where direct, precise wording is important.

Vague Triggers

Medium
Confidence: 80%
Finding: The skill's scope is broad and loosely defined as role-based routing for many domains, including sensitive areas like legal, HR, security, and customer support, without clear activation boundaries. Overbroad activation increases the chance the skill is invoked on sensitive prompts and forwards them externally, even when a narrower or safer local handling path would be more appropriate.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill declares OPENROUTER_API_KEY but does not provide a user-facing warning that prompts, metadata, or possibly sensitive content will be transmitted to an external service using that credential. This is dangerous because users may unknowingly expose confidential information to a third party, and administrators may provision secrets without understanding the associated data-flow risk.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill transmits the full user prompt and caller-supplied extra headers to a third-party API without any consent, minimization, or restriction. This is risky because prompts may contain sensitive data, and forwarding arbitrary headers can leak authentication tokens, cookies, or internal metadata to OpenRouter.

VirusTotal

66/66 vendors reported this skill as clean.