Agentic Workflow Automation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a small workflow-blueprint generator with a dry-run wording bug, not malware or a hidden data-access tool.

Install only if you are comfortable running a small local Python script that reads a JSON file you choose and writes blueprint output files. Do not rely on --dry-run to prevent file creation or overwrites; test with a temporary or dedicated output path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill instructs the agent to run a local script and read a reference file, which implies file read and execution-related capabilities, yet no permissions are declared in the skill metadata. This creates a transparency and policy-enforcement gap: consumers may invoke the skill assuming it is documentation-only, while it actually depends on local resource access that could be abused or fail open in environments with broader defaults.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding: The `--dry-run` flag is documented as running without side effects, but the script still writes the output file via `render(...)`. This creates a semantic safety issue: callers may rely on dry-run mode to avoid filesystem changes, and in automation contexts that can overwrite artifacts, create misleading outputs, or violate expectations in higher-privilege workflows.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The default invocation prompt is overly broad and does not constrain when or how the skill should be used, which increases the chance that an agent will invoke it in unintended contexts. Because this skill generates reusable workflow blueprints that may orchestrate downstream actions, ambiguous triggering can lead to unsafe automation artifacts or inappropriate handoff recommendations.

VirusTotal

65/65 vendors flagged this skill as clean.