Follow Up Commander

Security checks across malware telemetry and agentic risk

Overview

The meeting follow-up workflow is mostly limited in scope, but the bundled Python helper includes under-disclosed local audit and secret-scanning features that fall outside that purpose.

Install only if you are comfortable with a local Python helper. Use it on explicit meeting-note files, avoid pointing it at broad folders or unrelated repositories, and review drafts before sending anything. The publisher should remove the unused audit modes or split them into a clearly named audit skill with explicit file-access boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill declares no permissions, yet its instructions explicitly allow shell execution via python3 and reference reading local resources and writing output files. This creates a capability/permission mismatch that can mislead users and policy systems about what the skill can actually access or modify.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The script implements broad directory inspection, CSV auditing, regex-based pattern scanning, and skill-package auditing that materially exceed the stated purpose of a meeting follow-up assistant. This scope expansion enables users to analyze arbitrary local files and repositories, creating an unjustified data-access and repurposing risk for a skill that should only transform meeting follow-up content into checklists, reminders, and draft emails.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding:
The pattern_audit mode scans arbitrary files or directories for security-sensitive strings such as secrets, private URLs, and dangerous shell snippets. In a meeting follow-up skill, this is unjustified reconnaissance functionality that can be used to inspect unrelated local content and surface sensitive information, making the skill more dangerous than its description suggests.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The skill_audit functionality inspects arbitrary skill package layouts and parses SKILL.md frontmatter, which is unrelated to follow-up planning or email drafting. Although less directly sensitive than secret scanning, it still broadens the tool into a generic package auditor and enables unintended inspection of local project contents beyond the user-expected workflow.

VirusTotal

66/66 vendors flagged this skill as clean.
