Onboarding Journey Designer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local onboarding-plan generator with disclosed Python execution and no evidence of network access, credential use, persistence, or automatic high-impact actions.

Reasonable to install for drafting onboarding journeys. Only run the helper script on files you intend to share with the skill, avoid sensitive personal or business data unless needed, and choose an output path carefully because the script can create or overwrite that file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

MCP Least Privilege

Medium
Confidence
93%
Finding
The skill declares no explicit permissions, yet its instructions reference local file access (`resources/`, `examples/`, `tests/`) and shell execution via `python3 .../scripts/run.py`, which creates undeclared capability creep. This is dangerous because callers and policy systems may assume the skill is content-only, while it can actually read local files, write outputs, and invoke code in the runtime.

Description-Behavior Mismatch

High
Confidence
98%
Finding
The dispatcher enables multiple unrelated audit modes such as directory, CSV, pattern, and skill-package analysis, which materially exceed the declared purpose of designing onboarding journeys by Day 1/7/30. In a skill ecosystem, this kind of scope drift is dangerous because it allows the skill to process arbitrary local files and directories, creating an unnecessary pathway for data enumeration and misuse under a misleading benign description.

Context-Inappropriate Capability

High
Confidence
96%
Finding
The code implements security-style regex scanning for secrets, private URLs, and shell execution patterns across arbitrary files. That functionality is not justified by the onboarding-planning context and increases risk because users may unknowingly expose sensitive repository or filesystem contents to a skill whose stated role appears innocuous.

Context-Inappropriate Capability

Medium
Confidence
94%
Finding
The script can inspect arbitrary directories and CSV files and summarize their contents, which is outside the stated onboarding-journey design use case. Even without exfiltration, this broad file-access capability increases the attack surface and can lead to unintended disclosure of project structure, headings, field names, and sampled data from sensitive local resources.

VirusTotal

40/40 vendors flagged this skill as clean.
