Success Plan Generator

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches a customer-success planning use case, but its bundled Python helper contains unrelated local audit and scanning code that should be reviewed before installation.

Install only if you are comfortable reviewing the bundled Python helper. Use it with explicit, narrow input files, avoid pointing it at broad or sensitive directories, and review the generated plan before sharing or entering it into customer systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill declares no permissions, yet its instructions explicitly allow running `python3` and writing output files, which creates undeclared shell, file-read, and file-write capability. This is dangerous because downstream systems, reviewers, or policy engines may treat the skill as lower-risk than it actually is, enabling unexpected local file access or command execution.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The dispatcher supports multiple generic audit modes such as directory, CSV, pattern, and skill auditing, which materially exceeds the declared purpose of generating B2B customer success plans. This kind of capability mismatch is dangerous because it enables broad local content inspection and repurposes the skill into a general analysis tool, increasing data exposure risk and creating an opportunity for unauthorized enumeration of user files.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The code implements source/security-style pattern scanning for secrets, private URLs, and shell execution indicators, which is unrelated to customer success planning. In this skill context, that is risky because it can inspect arbitrary local files for sensitive material, surfacing snippets from confidential content and expanding the skill into a covert reconnaissance mechanism.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The script audits skill package structure and parses `SKILL.md` frontmatter, which is outside the stated business function. While less severe than raw secret scanning, it still enables inspection of local project metadata and repository contents unrelated to success-plan generation, violating least privilege and increasing unintended data access.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The `directory_report` and `csv_report` logic performs generic filesystem and dataset auditing rather than producing customer success plans. This broadens the operational scope to arbitrary local data review, which can expose sensitive filenames, document headings, and sampled business data without a legitimate need tied to the advertised skill.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The trigger examples are broad, natural-language phrases that can overlap with ordinary user requests, increasing the chance that the skill is invoked when the user did not explicitly intend to use it. In an agentic environment, unintended invocation can cause the model to apply this skill's framing and output structure inappropriately, leading to workflow confusion or mishandling of customer-planning content.

VirusTotal

61/61 vendors flagged this skill as clean.