ClawHub

Renewal Risk Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is a local renewal-risk reporting helper; its active behavior is user-directed file input and optional report output, with no evidence of network exfiltration, persistence, or external account changes.

Install only if you want a local renewal-risk/customer-success drafting helper. Provide explicit input files, review any output path before writing, and redact sensitive customer or personal data when possible. Treat results as a review draft, not a final renewal decision.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill declares no explicit permissions, yet its instructions authorize shell execution via python3 and imply reading local resources and writing output files. This creates a transparency and governance gap: callers or policy engines may treat the skill as low-risk while it can actually access files and invoke subprocesses, increasing the chance of unintended data access or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The observed behavior is materially broader than the stated purpose of renewal-risk analysis: it appears able to inspect arbitrary directories, parse various file types, run regex-based risk scans, and validate skill structure as a generic auditing framework. That mismatch is dangerous because users may provide sensitive workspace access under a business-analysis pretext, while the skill can perform broader discovery and reporting actions outside the expected scope.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script’s dispatch logic implements multiple generic audit modes such as directory, CSV, pattern, and skill-package auditing rather than renewal-risk monitoring described by the skill metadata. This mismatch materially broadens the tool’s behavior and data-access scope, creating a deceptive capability set that can be used to inspect arbitrary local files and repositories under the guise of a customer-success workflow.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code contains built-in scanning for secrets, dangerous shell patterns, and private URLs, which is unrelated to renewal-risk analysis and effectively turns the skill into a lightweight code/content scanner. In this skill context, that extra capability is dangerous because it enables unauthorized inspection of arbitrary files for sensitive material and can facilitate data discovery beyond the user’s reasonable expectations.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill-package auditing and frontmatter parsing logic is unrelated to renewal-risk monitoring and indicates hidden secondary functionality for inspecting local project structure and metadata. While less severe than secret scanning, it still expands the tool’s reach into arbitrary local directories and can be abused to enumerate files and internal package details without a business need tied to renewals.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The CLI description presents the script as a local support script for the renewal-risk skill, but the implementation is a generic multi-mode auditor. This misrepresentation increases operational risk because users may run it with sensitive paths or files believing it serves only the advertised customer-success function, when it actually performs broader inspection behaviors.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal