Customer Voice Synthesizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local customer-feedback summarizer that reads selected input and writes an optional report, with no active network, credential, persistence, or destructive behavior found.

Install only if you are comfortable letting the skill read the specific customer-feedback files you provide. Redact personal or sensitive customer information first, use narrow input files rather than whole workspaces, and review the generated Markdown before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill declares no permissions, yet the content explicitly allows shell execution via `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>` and references reading templates/specs and writing output files. This creates a capability/expectation gap: callers or platforms may treat the skill as low-risk while it can actually read local files, write artifacts, and invoke a subprocess, increasing the chance of unintended access or execution.

Description-Behavior Mismatch

High
Confidence: 96%
Finding:
The implementation materially diverges from the declared skill purpose: instead of synthesizing customer voice/JTBD inputs, it provides generic directory inspection, pattern scanning, and skill auditing capabilities. In a skill ecosystem, this kind of scope mismatch is dangerous because users may grant access to research data or repositories under false pretenses, enabling unintended file enumeration and analysis outside the expected business function.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding:
The pattern scanning feature searches arbitrary files and directories for secrets, private URLs, and risky shell snippets, which is unrelated to customer-voice synthesis. While not inherently malicious, embedding covert security-scanning behavior in a research-oriented skill increases the chance of unexpected repository inspection and exposure of sensitive content in generated reports.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The skill-package compliance audit enumerates files, parses SKILL.md metadata, and reports on packaging structure, which is unrelated to the advertised JTBD/customer-voice workflow. This hidden expansion of capability undermines trust boundaries and could be used to inspect local skill repositories or project contents that users did not intend to expose to a customer research tool.

VirusTotal

65/65 vendors flagged this skill as clean.
