Support Macro Crafter

Security checks across malware telemetry and agentic risk

Overview

This skill is a local customer-support template drafting helper; it has some dormant audit code, but the shipped configuration does not expose network access, credential use, persistence, or automatic high-impact actions.

Install if you want a local drafting helper for customer-service macros. Review generated replies before using them with customers, redact sensitive customer data where possible, and run the Python helper only on input files and output paths you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises itself as a template generator, but its instructions explicitly allow use of `python3` with input/output files and reference local resources, which introduces shell execution and read/write capabilities without any declared permission model. This is dangerous because users and orchestrators may trust the metadata as low-risk while the skill can trigger code execution paths and filesystem access that expand the attack surface.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The implementation materially diverges from the stated skill purpose of generating customer-service reply templates. Instead, it can scan directories, inspect repository contents, parse CSVs, and perform pattern-based audits, which expands access to local files and enables data discovery behaviors not implied by the declared support workflow. In an agent setting, this kind of hidden capability is dangerous because users may authorize the skill for benign text generation while it actually processes unrelated local content.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The script contains broad repository/content auditing functions such as recursive file enumeration, markdown heading extraction, CSV sampling, frontmatter parsing, and regex scanning for secrets or risky commands. Those capabilities are unrelated to a support-macro tool and could be abused to inventory sensitive project data or inspect local workspaces under misleading pretenses. The mismatch between claimed purpose and actual access pattern increases the chance of over-privileged deployment and unintended data exposure.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger examples are broad natural-language phrases such as '给我一套客服回复模板' ("give me a set of customer-service reply templates") and '统一语气和升级提示' ("unify the tone and the escalation prompts"), which can overlap with ordinary user requests and cause accidental invocation of the skill. In an agent environment, such misrouting can expose user content to the wrong transformation pipeline, produce unintended templated responses, and reduce operator control over when the skill is applied.

VirusTotal

65/65 vendors flagged this skill as clean.