Partner Enable Kit

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a local partner-enablement draft generator, with no evidence of network access, credential use, persistence, or automatic external changes.

Use this for local draft generation and provide only partner materials you are allowed to process. Review the generated Markdown before sharing it, choose output paths carefully, and avoid modifying the bundled spec to enable the dormant audit modes unless you intentionally want local file-scanning behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill declares no permissions, yet its instructions explicitly allow using python3 with input/output files, which implies shell execution and file read/write capability. This mismatch weakens security review and user consent because the effective capability surface is broader than what the metadata communicates.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding: The documented purpose is limited to generating partner enablement materials, but the detected behavior indicates broader auditing and scanning functions over files/directories, including pattern matching for secrets, risky commands, and skill validation modes. A capability mismatch of this kind is dangerous because it can be used to access or inspect unrelated local data under a benign-looking description, reducing the chance that reviewers or users recognize the true scope.

Description-Behavior Mismatch
Severity: High
Confidence: 95%
Finding: The script's implemented capabilities are materially broader than the declared purpose of generating partner enablement packages. It can audit arbitrary directories, CSVs, and repositories, and scan for risky patterns, which creates a scope mismatch that could let operators repurpose the skill to inspect unrelated local content and expose sensitive file metadata or snippets. In the context of a partner-enablement skill, this hidden general-purpose auditing behavior is more dangerous because users would not reasonably expect broad filesystem inspection.

Context-Inappropriate Capability
Severity: Medium
Confidence: 91%
Finding: The pattern scanner searches arbitrary files for secrets, private URLs, and dangerous shell indicators, then includes matched snippets in output. Even though the secret-like pattern partially masks values, it still performs sensitive-content discovery and disclosure beyond the skill's stated business purpose, increasing the chance of unauthorized inspection of local data. In this skill context, that capability is unjustified and therefore riskier than it would be in a dedicated security-audit tool.

Context-Inappropriate Capability
Severity: Medium
Confidence: 89%
Finding: The code can audit arbitrary skill repositories for the presence of files and frontmatter structure, which is unrelated to partner/channel enablement package creation. This expands the tool into repository reconnaissance, enabling collection of project structure and metadata from local directories without a business-justified need. Because the declared skill purpose is non-security content generation, this hidden inspection capability increases trust mismatch and misuse risk.

VirusTotal

66/66 vendors flagged this skill as clean.