Doc Gap Finder

Security checks across malware telemetry and agentic risk

Overview

This is a local documentation-audit skill with disclosed Python execution and report generation, and no evidence of networking, credential theft, destructive actions, or hidden persistence.

Use this only on documentation folders or directories you are authorized to inspect, and review the generated report before sharing it because it can include local file names and Markdown headings. Avoid pointing it at an entire private repository unless that broader scan is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill advertises read-only document analysis, but its content explicitly allows invoking `python3 ... --output <输出文件>`, which implies shell execution and file writing without any declared permission model. This creates a trust and containment gap: a caller or wrapper may assume the skill is harmless while it can actually execute local code and write arbitrary output files.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The declared purpose is narrow document-gap analysis, but the detected behavior reportedly includes scanning arbitrary CSV/TSV content, performing sensitive-pattern/security matching, validating skill project structure, and writing analysis results to arbitrary output files. This mismatch is dangerous because it can cause users and orchestrators to grant the skill broader access than intended, enabling data inspection or persistence operations outside the expected docs-only scope.

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The skill contains a high-risk pattern scanner for secrets, private URLs, and dangerous shell constructs that materially exceeds the stated purpose of finding documentation gaps. In this context, scanning arbitrary repositories for sensitive content broadens access and data-handling scope, increasing the chance of unauthorized discovery or exposure of secrets during routine use.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The code performs repository/skill-package compliance auditing, including checking for specific files and parsing SKILL.md frontmatter, which is unrelated to the manifest's document gap analysis description. This hidden expansion of capability can cause users to run the tool on broader project contents than expected and disclose project structure or metadata outside the intended use case.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
Secret-detection and dangerous-command detection are security-scanning capabilities that are unjustified for a document-gap-finding skill and can surface highly sensitive data from arbitrary files. Even though the report partially masks some matches, the scanner still reads broad file sets and emits matched snippets, creating a meaningful risk of secret leakage or over-collection.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger examples are broad natural-language phrases that can match ordinary user requests, increasing the chance this skill is invoked unintentionally in contexts where the user did not explicitly ask for a document-audit workflow. Because the skill is read-only and scoped to local document analysis, the impact is limited, but accidental routing could still expose unrelated files to scanning or produce confusing, over-broad analysis.

VirusTotal

61/61 vendors flagged this skill as clean.
