Run Command Safety Check

Security checks across malware telemetry and agentic risk

Overview

This skill is a local command-review helper that reads user-supplied command/script inputs and optionally writes a report, with no evidence of hidden network use, credential access, persistence, or command execution.

Install is reasonable if you want a local shell-command review aid. Use it on specific command text, scripts, or narrowly scoped folders; review any generated report before sharing because it may include local paths or matched snippets. Treat the result as advisory, and keep human approval for destructive commands such as rm, chmod, redirects, package install scripts, or production changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares no explicit permissions, yet its instructions permit reading local resources, writing output files, and invoking `python3`, which creates a capability gap between declared metadata and actual behavior. This is dangerous because reviewers and policy engines may trust the undeclared permission surface, allowing shell/file operations to occur without informed approval or proper sandboxing.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is described as a narrow shell-command safety checker, but the behavior summary indicates a much broader, dynamic analysis/reporting engine that can inspect directories, parse multiple file types, validate project structure, and detect unrelated content such as secrets or private URLs. This mismatch is dangerous because users and orchestrators may invoke it under a narrower trust model, while it actually processes far more data and performs broader inspection than expected, increasing the risk of overcollection, unintended disclosure, and policy bypass.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The dispatcher enables several modes unrelated to shell-command safety checking, including directory, CSV, and skill audits. In a skill advertised as a command safety checker, this capability expansion violates least privilege and can be abused to inspect arbitrary local content the caller points it at, increasing data exposure and making the skill more dangerous than its stated purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The directory_report path recursively inventories files, reads Markdown content, and summarizes directory structure for any supplied path. That is an information-disclosure capability unrelated to checking dangerous shell commands, and in an agent context it could be repurposed to enumerate sensitive project files or extract document metadata from arbitrary directories.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The CSV analysis mode reads arbitrary local datasets and produces field-level summaries, which is unrelated to shell command safety review. In practice this broadens the skill into a generic data-inspection tool and could expose sensitive dataset structure or contents when an agent is only supposed to review command safety.

VirusTotal

66/66 vendors flagged this skill as clean.