MCP Server Plus

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation/template helper, but its ready-to-use MCP server examples hand any connected client broad filesystem and database access, with no default restriction on which paths may be touched or which queries may run.

Install only if you are comfortable using it as educational scaffolding. Do not deploy the provided filesystem or database templates as-is; add path allowlisting, sandboxing, authentication, authorization, write confirmations, input validation, and least-privilege database credentials before connecting them to real systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The filesystem server example exposes read_file and write_file operations that directly use caller-supplied paths with no path normalization, allowlist, sandboxing, or permission checks. In an MCP context, this can enable arbitrary file read/write against the host running the server, which may lead to configuration tampering, data loss, secret exposure, or persistence if copied into production.
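The confinement the finding asks for, as an added example in Python (the page does not show the template's own code, so this is not the skill's read_file/write_file; the FileTools class, resolve_inside() helper and the confirmed flag are assumptions chosen to mirror the finding). Each caller-supplied path is resolved against a root fixed at startup, absolute paths and anything that escapes the root after '..' normalisation or symlink resolution are refused, writes are off unless the operator opts in, and every write additionally needs a confirmation that comes from the user rather than from the model:

```python
"""Path-confined read_file / write_file for an MCP-style server (added example)."""
import os
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Raised for any caller-supplied path that does not stay inside the root."""


def resolve_inside(root: str, requested: str) -> Path:
    """Resolve a caller-supplied path and refuse anything that leaves root.

    resolve() normalises '..' and follows symlinks, so '../secret' and a
    symlink inside the root that points outside it both land outside
    root_real and are rejected. Absolute paths are refused outright: the
    client may only name a location relative to the configured root.
    """
    root_real = Path(root).resolve(strict=True)
    if os.path.isabs(requested):
        raise PathNotAllowed(f"absolute path refused: {requested}")
    candidate = (root_real / requested).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise PathNotAllowed(f"path escapes root: {requested}")
    return candidate


class FileTools:
    """The two tools the server would register, with the root fixed at startup."""

    def __init__(self, root: str, allow_write: bool = False, max_bytes: int = 1_000_000):
        self.root = root
        self.allow_write = allow_write   # read-only unless the operator opts in
        self.max_bytes = max_bytes       # cap what one call can pull into context

    def read_file(self, path: str) -> str:
        target = resolve_inside(self.root, path)
        if not target.is_file():
            raise PathNotAllowed(f"not a regular file: {path}")
        if target.stat().st_size > self.max_bytes:
            raise PathNotAllowed(f"file larger than {self.max_bytes} bytes: {path}")
        return target.read_text()

    def write_file(self, path: str, content: str, confirmed: bool = False) -> int:
        # Two gates before any path work: the server must be writable at all,
        # and the host must have confirmed this specific write. The flag is
        # set by the human in the loop, never by the model that emitted the call.
        if not self.allow_write:
            raise PermissionError("server started read-only")
        if not confirmed:
            raise PermissionError("write_file requires user confirmation")
        target = resolve_inside(self.root, path)
        target.parent.mkdir(parents=True, exist_ok=True)
        return target.write_text(content)


def demo() -> dict:
    """Constructed sandbox: one legitimate file, one secret outside the root,
    and a symlink inside the root that points at that secret."""
    with tempfile.TemporaryDirectory() as sandbox:
        root = Path(sandbox) / "workspace"
        root.mkdir()
        (root / "notes.txt").write_text("hello")
        secret = Path(sandbox) / "secret.txt"
        secret.write_text("TOP SECRET")
        (root / "escape").symlink_to(secret)

        tools = FileTools(str(root), allow_write=True)
        results = {"normal_read": tools.read_file("notes.txt")}
        for label, attempt in (("traversal", "../secret.txt"),
                               ("absolute", str(secret)),
                               ("symlink", "escape")):
            try:
                tools.read_file(attempt)
                results[label] = "ALLOWED"
            except PathNotAllowed:
                results[label] = "blocked"
        try:
            tools.write_file("notes.txt", "tampered")
            results["unconfirmed_write"] = "ALLOWED"
        except PermissionError:
            results["unconfirmed_write"] = "blocked"
        results["confirmed_write"] = tools.write_file("out/new.txt", "ok", confirmed=True)
        return results


if __name__ == "__main__":
    print(demo())
```

The check resolves the real path before comparing, which is what defeats the symlink case; a prefix check on the unresolved string would not. It is still a check-then-use sequence, so on a host where untrusted code can swap files between resolve_inside() and the read, pair it with an OS-level sandbox (container, seccomp, a dedicated low-privilege user) as the overview already recommends.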

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The skill advertises security best practices including authentication, but the concrete server templates perform sensitive actions such as external API access, SQL execution, and filesystem access without any authentication or authorization checks. This mismatch is dangerous because users may treat the examples as secure starter templates and deploy them with privileged capabilities exposed to any connected client.
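What the missing authentication and authorization layer looks like when it is present, as an added Python example that is not the skill's template code. The per-client token scheme, the scope name db:read and the register_client()/call_tool() helpers are assumptions; the read-only guarantee for the SQL tool comes from SQLite's own mode=ro URI flag, chosen here because a tool that executes model-supplied SQL cannot be made safe by filtering the SQL text, only by limiting what the connection is allowed to do:

```python
"""Authenticated, scope-checked tool dispatch plus a read-only SQL tool (added example)."""
import hashlib
import hmac
import os
import secrets
import sqlite3
import tempfile


class Unauthorized(Exception):
    """No valid credential presented."""


class Forbidden(Exception):
    """Valid credential, but without the scope the tool requires."""


# Constructed credential store: token hash -> (principal, scopes). Storing only
# the hash means a leaked server config does not leak usable tokens.
_PRINCIPALS = {}
_TOOLS = {}   # tool name -> (required scope, handler)


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def register_client(name: str, scopes) -> str:
    """Mint a per-client token carrying only the scopes that client needs."""
    token = secrets.token_urlsafe(32)
    _PRINCIPALS[_digest(token)] = (name, frozenset(scopes))
    return token


def tool(name: str, scope: str):
    """Register a handler together with the scope required to call it."""
    def register(fn):
        _TOOLS[name] = (scope, fn)
        return fn
    return register


def authenticate(token):
    presented = _digest(token or "")
    for stored, principal in _PRINCIPALS.items():
        if hmac.compare_digest(stored, presented):   # constant-time compare
            return principal
    raise Unauthorized("unknown or missing token")


def call_tool(token, name: str, **args):
    """Every invocation passes through here: authenticate, then authorize."""
    principal, scopes = authenticate(token)
    if name not in _TOOLS:
        raise KeyError(f"no such tool: {name}")
    required, handler = _TOOLS[name]
    if required not in scopes:
        raise Forbidden(f"{principal} lacks scope {required}")
    return handler(**args)


class ReadOnlyDatabase:
    """SQL tool over a connection the engine itself refuses to write through."""

    def __init__(self, path: str, row_cap: int = 100):
        # mode=ro: SQLite rejects any write, however the statement is phrased.
        self.conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
        self.row_cap = row_cap   # bound how much a single query returns

    def query(self, sql: str, params=()):
        return self.conn.execute(sql, params).fetchmany(self.row_cap)


def demo() -> dict:
    """Constructed database and three callers: scoped, unscoped, and bogus token."""
    with tempfile.TemporaryDirectory() as d:
        db_path = os.path.join(d, "app.db")
        seed = sqlite3.connect(db_path)
        seed.execute("CREATE TABLE users (id INTEGER, email TEXT)")
        seed.execute("INSERT INTO users VALUES (1, 'alice@example.com')")
        seed.commit()
        seed.close()
        ro = ReadOnlyDatabase(db_path)

        @tool("db_query", "db:read")
        def db_query(sql: str):
            return ro.query(sql)

        analyst = register_client("analyst", {"db:read"})
        guest = register_client("guest", set())
        results = {"analyst_select": call_tool(analyst, "db_query", sql="SELECT email FROM users")}
        try:
            call_tool(analyst, "db_query", sql="DELETE FROM users")
            results["analyst_delete"] = "ALLOWED"
        except sqlite3.OperationalError:
            results["analyst_delete"] = "blocked"
        try:
            call_tool(guest, "db_query", sql="SELECT 1")
            results["guest_select"] = "ALLOWED"
        except Forbidden:
            results["guest_select"] = "forbidden"
        try:
            call_tool("not-a-real-token", "db_query", sql="SELECT 1")
            results["anonymous"] = "ALLOWED"
        except Unauthorized:
            results["anonymous"] = "unauthorized"
        ro.conn.close()
        return results


if __name__ == "__main__":
    print(demo())
```

The same shape applies to the external API and filesystem tools the finding names: each handler declares the scope it needs, and the dispatcher refuses the call before the handler runs. For a production database the equivalent of mode=ro is a dedicated account granted SELECT only on the tables the tool needs.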

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation presents file writing as a normal capability without prominently warning that it can modify arbitrary host files and affect the user environment. In a skill repository, omission of this warning increases the chance that operators enable dangerous tooling without understanding the filesystem impact, especially because MCP tools may be invoked indirectly by agents.

VirusTotal

64/64 vendors flagged this skill as clean.
