Manufacturing Shift Handoff

Security checks across malware telemetry and agentic risk

Overview

This skill is a manufacturing handoff drafting helper with disclosed local Python use and no evidence of hidden network, credential, persistence, or destructive behavior.

Install only if you want a local drafting aid for manufacturing shift handoffs. Run the optional Python helper only on files you intend to process, choose output paths deliberately, and do not treat the generated draft as a substitute for official safety or EHS records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill declares no permissions, yet its instructions explicitly allow invoking `python3` and imply reading local resources and writing output files. This creates a capability/permission mismatch that can bypass review expectations and lead users or orchestrators to grant more trust than warranted, especially in an environment where shell and file access are security-relevant.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The dispatch logic enables multiple generic audit modes (directory, CSV, pattern, and skill-package analysis) that do not align with the declared manufacturing shift handoff purpose. In a skill ecosystem, this kind of capability mismatch is dangerous because it broadens the skill into a general file-inspection tool, increasing the chance of unintended data access, misuse on unrelated repositories, and covert repurposing beyond the user's expected workflow.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The embedded pattern scanner searches arbitrary file contents for secrets, internal URLs, and shell-execution patterns, which is unrelated to production shift handoff summarization. Even though it is read-only, this creates a capability to inspect potentially sensitive local content and surface snippets in output, making the skill more dangerous than its stated purpose and increasing the risk of unauthorized disclosure.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding:
The code performs skill-package integrity and frontmatter auditing, including checking repository structure and parsing SKILL.md metadata, which is outside the manufacturing handoff use case. This unjustified expansion of scope makes the skill capable of enumerating and analyzing project internals, which can expose repository metadata and facilitate off-label reconnaissance in environments where the user expects only operational handoff assistance.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger examples are broad everyday phrases that could match ordinary user requests outside an explicit manufacturing handoff context, increasing the chance of accidental invocation. In this skill, unintended activation is not directly system-compromising, but it can still cause context confusion, misrouting, and generation of operational summaries in the wrong workflow.

VirusTotal

59/59 vendors flagged this skill as clean.