Template Snippet Switchboard

Security checks across malware telemetry and agentic risk

Overview

This skill is a local template and snippet organizer with disclosed optional Python execution and no active evidence of network access, credential use, persistence, or destructive behavior.

Reasonable to install for local template and snippet organization. Run the helper only on files you intend to process, avoid unnecessary sensitive inputs, review output before use, and treat the dormant audit code as a maintenance concern if you customize the bundled spec.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises no explicit permissions model, yet its instructions include reading local resources, writing output files, and invoking `python3`, which implies file I/O and shell execution capability. This creates a governance gap: reviewers and users cannot accurately assess the operational access the skill expects, increasing the risk of unintended execution or unsafe reuse in environments that auto-enable such capabilities.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The script exposes broad file, directory, pattern, CSV, and skill-package auditing behaviors that exceed the declared purpose of template/snippet management. That capability can be used to inspect arbitrary local repositories and files, increasing data exposure risk and expanding the skill into a generic reconnaissance tool without clear user-facing justification or scope controls.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The built-in regex scanner searches arbitrary files for secrets, internal URLs, and shell execution patterns, which is unrelated to template switching. In context, this creates a capability to enumerate sensitive content from user-provided paths and emit snippets into reports, potentially disclosing confidential data even though some masking is attempted for one pattern.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill-package compliance audit inspects filesystem structure and parses SKILL.md metadata, which is outside the advertised template/snippet workflow. While not directly code-executing, it broadens the skill into repository inspection and metadata harvesting, enabling unintended disclosure of project layout and contents when pointed at arbitrary directories.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger examples are generic enough that ordinary writing-related requests could unintentionally invoke this skill. In a multi-skill routing environment, overly broad triggers can cause misrouting, leading the agent to apply this template-management skill in contexts it was not intended for, potentially processing sensitive drafting or customer/sales content without the right review boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.
