Competitor Message Differ

Security checks across malware telemetry and agentic risk

Overview

This skill mainly generates local competitor-messaging comparison drafts, with some unused broader audit code that users should avoid enabling.

Install only if you are comfortable with a local python3 script reading the input you provide and optionally writing a report. Use it for competitor messaging materials, avoid sensitive directories, and do not modify resources/spec.json to enable the unused audit modes unless you intentionally want local file auditing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill declares no permissions, yet the content explicitly allows use of `python3` with input/output files and references local resources, which implies file read, file write, and shell execution capabilities. This is dangerous because downstream systems or reviewers may trust the undeclared low-risk profile while the skill can in practice access local files and invoke an interpreter, increasing the chance of unintended data access or command execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The static finding indicates behavior far beyond the stated purpose of competitor messaging comparison, including directory scanning, CSV/TSV analysis, regex-based secret/high-risk pattern scanning, file validation, and dynamically switching audit modes from `spec.json`. That mismatch is dangerous because it can mask a broader local inspection/auditing tool as a benign analysis skill, causing users to expose unrelated workspace data and enabling overcollection of sensitive information under a misleading description.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The dispatch logic enables multiple modes unrelated to the declared competitor-messaging purpose, including directory, CSV, pattern, and skill-package audits. This scope mismatch is dangerous because it allows the skill to inspect arbitrary local files and repositories under a benign-seeming label, increasing the chance of unauthorized data discovery and deceptive operator use.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The pattern_audit function scans arbitrary files/directories for secrets, private URLs, and dangerous shell patterns, which is unrelated to competitor messaging comparison. In this context, it creates a covert local security scanner that can enumerate sensitive material from user-provided paths, making the misleading skill purpose materially more dangerous.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The skill_audit logic inspects package structure, parses SKILL.md frontmatter, and reports compliance details unrelated to competitor-message differencing. While not directly executing code, it broadens access to arbitrary local project contents under false pretenses and can expose internal repository structure and metadata.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The directory and file enumeration logic recursively scans arbitrary paths, lists files, reads markdown content, and summarizes headings. For a competitor messaging tool, this is unjustified data access that can reveal sensitive local project names, content themes, and document structure to downstream outputs.

VirusTotal

66/66 vendors flagged this skill as clean.
