Decision Ledger

Security checks across malware telemetry and agentic risk

Overview

This is a local decision-summary helper with disclosed Python file input/output behavior; the broader scanning code found by the scanner is present but not reachable through the shipped configuration.

Install only if you are comfortable running a small local Python helper on files you choose. Use it for meeting notes, chat excerpts, and project documents, prefer stdout or dry-run for sensitive material, and review the generated decision ledger before relying on it for governance, legal, or external publication decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill advertises itself as a decision-extraction helper, but it explicitly permits use of python3 and documents a shell invocation that reads and writes files. Even without declared permissions, these execution-capable behaviors expand the attack surface and can enable unintended local file access or script execution if the runtime trusts the skill metadata and instructions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
A strong description-behavior mismatch is a real security concern because users and orchestrators may route sensitive meeting materials to a skill that appears narrowly scoped, while the underlying implementation reportedly performs broader filesystem inspection, parsing, and security scanning across files or directories. That hidden breadth increases the chance of unauthorized data collection, overreach into unrelated files, and misuse of the skill as a generic scanner rather than a bounded decision-ledger tool.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The dispatcher supports multiple generic audit modes such as directory, CSV, pattern, and skill-package auditing that exceed the declared purpose of extracting decision records from meeting or project materials. This broadens the skill's operational scope to arbitrary file inspection, increasing the chance of unintended data access and misuse in environments where the skill may be trusted with repository contents.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The pattern scanner searches arbitrary files for secrets, internal URLs, and dangerous shell snippets, which is unrelated to a decision-ledger skill and materially expands data inspection capability. In a skill context, this can expose sensitive repository content or enable covert reconnaissance under the cover of a benign governance workflow.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Recursive directory enumeration allows the script to collect and inspect arbitrary text-like files under a provided root, far beyond the stated need to summarize decisions from specific materials. In the context of an agent skill, that overreach increases the risk of incidental collection of secrets, private notes, code, or operational documents without clear necessity.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The skill_audit routine inspects package structure and parses SKILL.md frontmatter for compliance checks, functionality that is unrelated to extracting decisions and indicates hidden multi-purpose behavior. This mismatch is dangerous because users may grant access based on the benign skill description while the code performs broader repository analysis than expected.

VirusTotal

66/66 vendors flagged this skill as clean.