Priority Conflict Resolver

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local planning helper that reads user-provided input and writes a structured priority/tradeoff report, with no evidence of network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable with a local python3 helper reading files you explicitly point it at and writing an output file you choose. Avoid feeding it sensitive personal or business data unless you intend that data to appear in the generated report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions, yet its instructions explicitly permit executing `python3` and using local resources that imply file read/write behavior. This creates a capability-transparency gap: users and policy layers may treat the skill as low-risk planning logic when it can actually access the filesystem and invoke a shell-adjacent execution path. In a user-invocable skill, undeclared execution and file capabilities increase the chance of unsafe use, accidental data exposure, or misuse in contexts that expected read-only behavior.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The dispatch logic enables multiple audit modes such as directory, CSV, pattern, and skill-package analysis, which materially exceed the declared purpose of a priority/tradeoff resolver. This kind of hidden capability expansion is dangerous because it allows the skill to inspect arbitrary local content and produce analysis unrelated to user-expected planning behavior, increasing the risk of unauthorized data exposure and misuse.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The pattern scanning functionality reads arbitrary files and searches them for secrets, URLs, and risky shell snippets, which is a powerful content-inspection feature unrelated to prioritization or planning. In the context of this skill, that mismatch makes the behavior more suspicious because users may supply paths expecting harmless planning assistance while the code instead examines potentially sensitive repository or system data.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code can enumerate directories, inspect Markdown headings, sample CSV/TSV contents, and audit package structure across arbitrary paths. Even without network exfiltration, this broad local inspection exceeds the advertised scope and can expose confidential filenames, document contents, metadata, and business data to downstream outputs or logs.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The template is entirely written in Chinese and gives no indication that output language should follow user preference or an explicit opt-in. In a generic planning/prioritization skill, this can cause unintended language coercion, reducing usability, causing misunderstanding, and potentially leading users to act on plans they do not fully understand.

VirusTotal

65/65 vendors flagged this skill as clean.
