Qa Scenario Synthesizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local QA scenario drafting helper; it has some dormant audit code, but the shipped configuration and instructions keep normal use aligned with generating reviewable test scenarios.

Reasonable to install if you want local QA scenario drafts. Run it only on files you intend to process, choose output paths carefully, avoid sensitive input unless needed, and re-review the script if you modify resources/spec.json to enable one of the dormant audit modes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill declares no permissions, yet its content explicitly references local resource reads and a possible `python3` shell invocation that can write output files. This creates a capability/permission mismatch that can mislead reviewers and downstream policy enforcement, increasing the risk of unintended file access or command execution when the skill is invoked.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The script supports multiple audit modes including directory, CSV, pattern, and skill-package auditing that materially exceed the declared purpose of QA scenario synthesis. This capability expansion increases the attack surface and can enable unintended repository inspection or security-review behavior under a misleading skill identity, which is dangerous in agent environments that rely on metadata and scope for trust decisions.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The built-in regex scanner looks for secrets, internal URLs, and shell-execution patterns, which is security-analysis functionality unrelated to the stated QA scenario synthesis task. In a mismatched skill, this is risky because it can scan arbitrary files and surface sensitive snippets from local content, creating data exposure and capability deception concerns.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill-package audit checks repository structure and parses SKILL.md frontmatter, which is unrelated to generating QA scenarios. While not immediately code-executing, it allows the tool to inspect package internals and metadata under a misleading purpose, undermining user expectations and enabling unauthorized inventorying of local project contents.

VirusTotal

66/66 vendors flagged this skill as clean.
