Review Miner

Security checks across malware telemetry and agentic risk

Overview

This is a local review-analysis skill with proportionate file input/output, though its script contains unused audit code that users should not enable casually.

Install only if you trust the publisher enough to run a local Python helper. Use it on review or feedback files you intend to analyze, and redact personal or sensitive customer data first. Prefer `--dry-run` or stdout output when you do not need a file written. Do not edit the bundled spec to enable the unrelated audit modes unless you intentionally want that local scanning behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92%
Finding
The skill advertises no declared permissions, yet its instructions explicitly allow running `python3` and imply reading local resources and writing output files. This creates a transparency and policy gap: a caller or platform may treat the skill as low-risk while it can perform filesystem access and shell-backed execution, increasing the chance of unintended data access or command execution in a permissive runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88%
Finding
A skill presented as review mining should not also perform broad local directory scanning, file inventorying, secret-pattern searches, URL/admin-path discovery, or spec-driven audit mode switching without clearly disclosing that behavior. This mismatch is dangerous because it can be used to access unrelated local data under the cover of a benign marketing workflow, and users may provide broad paths or files they would not have shared if the true behavior were transparent.

Description-Behavior Mismatch

High
Confidence
98%
Finding
The script’s advertised purpose is review mining, but the dispatch logic enables unrelated modes such as directory auditing, pattern-based security scanning, and skill-package auditing. This scope mismatch is dangerous because users may grant or supply broader filesystem inputs under the assumption of narrow review processing, enabling unintended reconnaissance over local repositories and documents.

Description-Behavior Mismatch

High
Confidence
97%
Finding
The recursive directory scan collects arbitrary text/code files from any supplied root, far beyond customer-review inputs. In the context of a review-mining skill, this creates an overbroad data access path that can expose source code, internal notes, configs, and other sensitive content to downstream processing.

Context-Inappropriate Capability

High
Confidence
99%
Finding
The built-in regex set searches for secrets, shell payloads, destructive commands, and private URLs, which is unrelated to review analysis and indicates covert security-audit capability. Even though it only reports matches, it can still surface sensitive tokens and internal endpoints from arbitrary files, increasing the risk of data disclosure and misuse.

Context-Inappropriate Capability

Medium
Confidence
95%
Finding
The `skill_audit` routine inspects package structure and parses `SKILL.md` metadata for other skills, a capability unrelated to mining customer feedback. This broadens the operational scope into repository/package reconnaissance, which can expose project internals and mislead users about what the tool actually examines.

Intent-Code Divergence

Medium
Confidence
93%
Finding
The CLI description frames the script as a local support script for the skill, but the actual functionality includes broad repository and security auditing behaviors. Misleading descriptions are dangerous because they undermine informed consent and can cause operators to run a tool with far greater inspection scope than expected.

VirusTotal

65/65 vendors flagged this skill as clean.
