Creator Course Outline

Security checks across malware telemetry and agentic risk

Overview

This skill is a local course-outline generator with a disclosed Python helper; it contains unused audit/scanning code, but the normal configured workflow does not activate it.

Reasonable to install for drafting creator-course outlines. Run the helper only on course material you intend to process, choose output paths deliberately because it can create or overwrite files, and review future updates carefully if the unused audit/scanning code becomes exposed or enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions, yet its instructions explicitly reference reading local resources, writing output files, and invoking `python3`, which implies file and shell capabilities. This is dangerous because callers and policy engines may treat the skill as low-risk while it can access the filesystem and execute local code, increasing the chance of unintended data exposure or command execution.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The dispatcher exposes multiple operational modes such as directory, CSV, pattern, and skill auditing that are unrelated to the declared purpose of generating creator course outlines. This broadens the skill into a general local inspection tool, increasing the chance that an orchestrating agent will use it to enumerate files, inspect repositories, or analyze sensitive local content outside the user’s expected scope.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The pattern scanning mode searches local files for secrets, private URLs, and risky shell constructs, which is a security-audit capability not justified by a curriculum-authoring skill. In an agent setting, this can be abused to inspect arbitrary user repositories or documents and surface sensitive information, even if partially redacted in output.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill audit logic performs repository completeness and frontmatter compliance checks for skill packages, which is materially different from course-outline generation. That mismatch can cause over-privileged use of the tool against local project directories, exposing structure and metadata that the user did not intend to share through a course-authoring workflow.

VirusTotal

65/65 vendors flagged this skill as clean.
