Dataset Intake Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local dataset-auditing helper; its normal shipped path reads a user-provided file and writes a report, with broader scanner code present but not enabled by the packaged configuration.

Install only if you need local dataset intake reports and trust the source. Run it on specific files you are allowed to analyze, choose output paths deliberately, review reports before sharing, and avoid modifying the bundled spec unless you intentionally want to activate broader audit code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill declares no explicit permissions, yet its instructions explicitly allow use of python3, reading local resources, and writing an output file. That creates a capability/metadata mismatch that can mislead policy enforcement, reviewers, or users about what the skill can actually do, weakening least-privilege controls and auditability.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding: The script’s mode dispatch supports generic directory auditing, pattern scanning, and skill repository auditing that go well beyond the declared purpose of dataset intake checks. In an agent setting, this creates capability expansion: a user invoking a seemingly narrow dataset-audit skill can use it to inspect arbitrary local directories and repositories, which increases the chance of unintended file enumeration and disclosure of unrelated project information.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
Finding: The built-in regex scanner searches arbitrary files for secrets, private URLs, and dangerous shell fragments, which is unrelated to dataset intake auditing and materially broadens the skill’s surveillance capability. Even though it is read-only, it can surface sensitive tokens, internal endpoints, and code snippets from unrelated files, creating an information disclosure risk inconsistent with the skill’s stated purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding: The skill can audit arbitrary skill repositories, inspect required files, and parse SKILL.md frontmatter, which is unrelated to dataset quality validation. This lets a dataset-audit skill profile repository structure and metadata from other projects, violating least privilege and enabling cross-context inspection of local content not implied by the manifest.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger examples are broad enough to overlap with ordinary data-analysis requests, which can cause the skill to activate outside its intended intake-audit scope. In an agent environment, unintended invocation can lead to inappropriate file processing, confusing outputs, or bypass of more suitable skills, even though this README frames the skill as read-only and local-only.

VirusTotal

66/66 vendors flagged this skill as clean.