MCP Tool Maker

Security checks across malware telemetry and agentic risk

Overview

This MCP code-generation skill appears legitimate, but it asks the agent to generate and write integration code, and that generated code relies on overbroad local file enumeration and import-path behavior that users should review first.

Review the generated files and destination paths before allowing writes. Prefer using this skill only on an explicit allowlist of source files, and avoid accepting generated code that adds broad sys.path entries or wraps unrelated local modules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill is not just a generic MCP wrapper generator: it hard-codes enumeration of local files and injects a fixed local directory into sys.path in generated output. In an agent environment, this can expose unrelated local code for discovery/import and broaden the trust boundary, making accidental sensitive code exposure or unsafe tool wrapping more likely.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrases are broad, such as "help with MCP tool generation" or "scanning functions", and can overlap with ordinary user requests unrelated to this specific skill. Overbroad activation increases the chance the skill is invoked unexpectedly, potentially starting unsolicited code generation or file modification workflows.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly describes automatic code generation and direct writing to files without warning the user that local files may be created or modified. In this context, the skill is intended to produce MCP registration code, so silent writes could alter project files or introduce unsafe generated code into a server integration path.

VirusTotal

65/65 vendors flagged this skill as clean.
