Proposal Comparator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local proposal-comparison helper; it runs an optional Python script on user-chosen inputs and does not show network access, credential use, persistence, or destructive behavior.

Reasonable to install for local drafting and comparison. Use it only with proposal files you intend to process, avoid feeding sensitive material unless appropriate, and review any generated report before sharing or acting on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares no permissions, yet its instructions explicitly allow shell execution via python3 and imply reading/writing input and output files. This creates a capability transparency gap: operators and policy systems may treat the skill as low-risk while it can actually execute local code and touch the filesystem.

Intent-Code Divergence

Medium
Confidence: 93%
Finding: The documentation claims the skill is 'default read-only' and should avoid risky external actions, but it also instructs the agent to use shell execution through python3. That contradiction can cause users or orchestration systems to underestimate risk and permit execution in contexts where only passive analysis was expected.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding: Granting shell/exec capability is not necessary for the stated business purpose of comparing proposal documents and generating recommendations. Unnecessary execution capability expands the attack surface, especially if adversarial input can influence file paths, script behavior, or output destinations.

Description-Behavior Mismatch

High
Confidence: 95%
Finding: The script exposes multiple generic operating modes such as directory auditing, CSV auditing, pattern scanning, and skill-package auditing that go well beyond the declared proposal-comparison purpose. In an agent-skill context, this expands the skill's effective capability to inspect arbitrary local content, increasing the chance of unintended data access, policy bypass, or repurposing the skill as a general reconnaissance tool.

Context-Inappropriate Capability

High
Confidence: 95%
Finding: The pattern_audit functionality scans arbitrary files or directories for security-sensitive strings such as secrets, private URLs, and dangerous shell snippets, which is unrelated to proposal comparison. In this skill context, that turns the tool into a lightweight security scanner over local content, enabling broad inspection of user files and possible exposure of sensitive data in generated reports.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding: The skill_audit path performs package-structure and frontmatter compliance auditing for arbitrary skill directories, which is outside the stated decision-support function. While not directly destructive, it broadens the skill into a generic repository inspection tool and can reveal internal project structure and metadata from directories the user did not intend to expose for proposal analysis.

VirusTotal

64/64 vendors flagged this skill as clean.
