Sbom Explainer

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a local SBOM/dependency explainer, with disclosed Python execution and no evidence of networking, credential use, persistence, or destructive behavior.

Reasonable to install for SBOM or dependency-list explanation, especially when run on explicit files you choose. Treat the bundled Python script as local code: review changes before use, choose output paths deliberately, and do not feed broad directories or sensitive materials unless that is intended and approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87%
Finding
The skill declares no permissions, yet its instructions explicitly allow invoking `python3` and imply reading inputs plus writing outputs. That creates a capability/permission mismatch that can mislead the calling platform, reviewers, or users about what the skill may do, weakening sandboxing and informed consent. In this skill’s context, shell and file I/O are somewhat related to transforming SBOM inputs, but the undeclared access still makes the behavior more dangerous because it can be abused to process arbitrary files or invoke tooling outside the expected explanation-only role.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95%
Finding
A skill presented as an SBOM explainer but capable of scanning arbitrary directories, analyzing generic files, running regex-based secret or shell-pattern detection, and validating skill structure is overbroad and deceptive relative to its declared purpose. This mismatch is dangerous because users or orchestrators may route sensitive data to it under a narrow trust assumption, while the actual behavior supports broader inspection of local content and generation of reports beyond SBOM use cases. The security context makes this more severe: a security-themed skill is likely to be trusted with sensitive artifacts, so hidden general-purpose analysis capability increases the chance of unintended data exposure or misuse.

Description-Behavior Mismatch

High
Confidence
95%
Finding
The script's capabilities materially exceed the declared purpose of an SBOM/dependency risk explainer by supporting generic directory auditing, CSV inspection, regex-based pattern scanning, and skill packaging checks. This creates a scope mismatch that can lead operators to run broad local scans on arbitrary paths, increasing unintended access to unrelated repository contents and violating least-privilege expectations for the skill.
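The capability/permission mismatch reported in Lp3 and the scope mismatch reported in this finding are both checkable statically, before the skill is ever run. The script below is an added example written for this page; it is not SkillSpector's logic and not the skill's own code. It reads a `permissions:` list from YAML-style SKILL.md frontmatter (an assumed manifest format), walks the bundled script's AST for shell execution, network imports, directory enumeration, file writes and environment reads (an assumed capability vocabulary), and reports whatever is used but never declared. The manifest and script it runs on are constructed inline and modeled on the behaviours the findings describe, not copied from the real skill.

```python
"""Static capability audit: compare what a skill declares with what its script does."""
import ast
import re

# Capability vocabulary and manifest format are assumptions for this example.
IMPORT_CAPABILITIES = {
    "subprocess": "shell_exec",
    "socket": "network", "urllib": "network", "http": "network", "requests": "network",
}
CALL_CAPABILITIES = {
    "subprocess.run": "shell_exec", "subprocess.Popen": "shell_exec",
    "subprocess.check_output": "shell_exec", "os.system": "shell_exec",
    "os.walk": "fs_enumerate", "glob.glob": "fs_enumerate",
    "Path.rglob": "fs_enumerate", "Path.glob": "fs_enumerate",
}
ATTR_CAPABILITIES = {"os.environ": "env_read"}


def _dotted(node):
    """Render a call target such as Path(root).rglob as 'Path.rglob'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else ""
    if isinstance(node, ast.Call):
        return _dotted(node.func)
    return ""


def _opens_for_write(call):
    """True when an open() call uses a mode that can create or modify a file."""
    mode = None
    if len(call.args) > 1 and isinstance(call.args[1], ast.Constant):
        mode = call.args[1].value
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            mode = kw.value.value
    return isinstance(mode, str) and any(c in mode for c in "wax+")


def declared_permissions(skill_md):
    """Read a 'permissions:' list (inline or block form) from the frontmatter."""
    match = re.match(r"^---\n(.*?)\n---", skill_md, re.S)
    if not match:
        return set()
    frontmatter = match.group(1)
    inline = re.search(r"^permissions:\s*\[(.*?)\]", frontmatter, re.M)
    if inline:
        return {p.strip().strip("'\"") for p in inline.group(1).split(",") if p.strip()}
    block = re.search(r"^permissions:\s*\n((?:[ \t]+-[^\n]*\n?)+)", frontmatter, re.M)
    if block:
        return {line.strip()[1:].strip().strip("'\"") for line in block.group(1).splitlines()}
    return set()


def used_capabilities(source):
    """Map each capability the script exercises to the source lines that exercise it."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        caps = []
        if isinstance(node, ast.Import):
            caps = [IMPORT_CAPABILITIES.get(a.name.split(".")[0]) for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            caps = [IMPORT_CAPABILITIES.get((node.module or "").split(".")[0])]
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name == "open":
                caps = ["file_write" if _opens_for_write(node) else "file_read"]
            else:
                caps = [CALL_CAPABILITIES.get(name)]
        elif isinstance(node, ast.Attribute):
            caps = [ATTR_CAPABILITIES.get(_dotted(node))]
        for cap in caps:
            if cap:
                found.setdefault(cap, set()).add(node.lineno)
    return {cap: sorted(lines) for cap, lines in found.items()}


def scope_mismatch(skill_md, script):
    """Capabilities the script uses that the manifest never declared."""
    declared = declared_permissions(skill_md)
    return {c: ln for c, ln in used_capabilities(script).items() if c not in declared}


# Constructed sample manifest and script, modeled on the behaviours in the findings.
SAMPLE_SKILL_MD = """\
---
name: sbom-explainer
description: Explain an SBOM or dependency list in plain language.
permissions: [file_read]
---
Run `python3 scripts/explain.py <sbom.json>` and summarise the result.
"""

SAMPLE_SCRIPT = """\
import json
import re
import subprocess
from pathlib import Path

SECRET_RE = re.compile(r"AKIA[0-9A-Z]{16}")

def explain_sbom(path):
    data = json.load(open(path))
    return [c["name"] for c in data.get("components", [])]

def audit_dir(root):
    hits = []
    for p in Path(root).rglob("*.py"):
        if SECRET_RE.search(p.read_text()):
            hits.append(str(p))
    return hits

def write_report(lines):
    with open("report.md", "w") as fh:
        fh.write("".join(lines))

subprocess.run(["python3", "--version"], check=False)
"""

if __name__ == "__main__":
    for cap, lines in sorted(scope_mismatch(SAMPLE_SKILL_MD, SAMPLE_SCRIPT).items()):
        print(f"undeclared {cap}: lines {lines}")
```

Run stand-alone it prints the undeclared capabilities with the lines that exercise them: here the manifest admits only `file_read`, while the script also enumerates a directory tree, writes a report file and spawns `python3`. A clean result from this kind of check says nothing about dynamic behaviour (`exec`, `getattr`, a command string handed to a shell), so use it as a review aid when the bundled script changes, not as a gate.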

Context-Inappropriate Capability

Medium
Confidence
89%
Finding
Including regex-based scans for secrets, private URLs, and dangerous shell patterns is unrelated to translating SBOMs into non-technical risk summaries and broadens the tool into a generic content scanner. In skill contexts, this can expose sensitive snippets from arbitrary files into generated reports, logs, or downstream LLM prompts, creating confidentiality risk beyond the user's expected task.

Context-Inappropriate Capability

Medium
Confidence
91%
Finding
The ability to audit arbitrary directories and validate skill repository structure/frontmatter is outside the declared SBOM explainer function and encourages broad filesystem traversal. In this context, the mismatch is dangerous because users may grant or assume access for dependency explanation, while the code actually inspects unrelated files and metadata, increasing surprise and data exposure risk.

VirusTotal

0/66 vendors flagged this skill; all 66 reported it as clean. A clean antivirus verdict does not address the scope and permission mismatches above, which are behavioural findings rather than anything a signature engine detects.
