Compliance Evidence Assembler

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a compliance-evidence helper, but it also performs broad local audits that can read files and report sensitive matches, so it needs review before installation.

Install only if you intend to use this as a local compliance and security-audit helper. Run it on a deliberately chosen directory, review outputs before sharing them, and avoid pointing it at repositories or evidence folders that may contain secrets unless the skill is updated to redact matches and clearly disclose its scan scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises no declared permissions, yet its instructions explicitly allow use of python3 and imply reading local resources and writing output files. This creates a capability transparency gap: reviewers and users may trust the skill as lower risk than it really is, increasing the chance of unintended file access or shell execution in sensitive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The described purpose is limited to assembling compliance evidence, but the detected behavior suggests broader analysis functions such as directory scanning, content inspection, pattern-based high-risk scanning, and multiple audit modes. This mismatch is dangerous because it can conceal wider data access and processing than users expect, potentially exposing sensitive files or enabling unauthorized analysis under the cover of a benign compliance task.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script includes a generic pattern-scanning mode that searches arbitrary files for secrets, dangerous shell commands, and private URLs, which goes beyond the stated purpose of assembling compliance evidence into directories, inventories, and gap lists. This scope expansion materially increases the skill's capability and data exposure surface, especially because it reads repository contents and emits matched snippets into reports.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill_audit functionality performs repository/package conformance auditing by checking for required files and parsing SKILL.md metadata, which is broader than simple compliance evidence assembly. In this context, the mismatch between declared purpose and implemented behavior can cause operators to run an unexpectedly invasive audit over a skill directory and trust outputs for decisions the tool was not intended to make.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The built-in patterns detect secret-like assignments and risky command constructs, then include matching snippets in output. For a compliance evidence skill, this is unjustified sensitive-content processing: it may surface credentials or internal security-relevant material from arbitrary files into generated reports, logs, or downstream systems, creating a real confidentiality risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger examples are broad, natural-language phrases that can overlap with ordinary user requests, increasing the chance that the skill is invoked unintentionally in unrelated contexts. In a compliance workflow, accidental activation can cause inappropriate processing of sensitive evidence directories or generation of audit-style output when the user did not intend to use this skill.

VirusTotal

64/64 vendors flagged this skill as clean.
