Clipboard Knowledge Capture

Security checks across malware telemetry and agentic risk

Overview

This is a local clipboard-to-note helper with disclosed Python file handling and no evidence of hidden network access, credential theft, destructive behavior, or automatic persistence beyond user-chosen output files.

Install only if you are comfortable with a local Python helper reading the input you choose and optionally writing a Markdown or JSON file. Redact secrets and sensitive clipboard contents before use, and avoid modifying the bundled spec to enable audit modes unless you intentionally want local files inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its documented behavior includes invoking python3, reading local resources, and writing output files. This creates a capability-transparency gap: users and policy systems may believe the skill is passive while it can access the filesystem and execute shell-mediated actions.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The skill claims a 'default read-only' security boundary while also documenting execution of a script that produces an output file. Such contradictory safety claims can mislead users into approving actions they would otherwise review more carefully, especially when local knowledge-base writes are involved.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script's primary behavior is a generic report/audit engine selected by spec mode, not a clipboard-to-local-knowledge capture workflow as declared in the skill metadata. This mismatch is dangerous because it can be used to inspect arbitrary files and directories under the guise of a benign knowledge-capture skill, expanding access and user trust beyond the stated purpose.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The code performs filesystem enumeration, content scanning, and pattern-based detection of secrets and risky commands on arbitrary files or directories. In the context of a clipboard knowledge tool, these capabilities are over-privileged and can expose sensitive local content, making the skill materially more dangerous than advertised.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger examples are broad natural-language phrases that plausibly overlap with ordinary user requests, which can cause the skill to activate when the user did not explicitly intend to invoke it. In this skill’s context, accidental activation could lead to unintended processing and persistence of clipboard-derived content into a local knowledge base, increasing the chance of mishandling sensitive or private material.

VirusTotal

63/63 vendors flagged this skill as clean.
