ClawSkillShield

Security checks across malware telemetry and agentic risk

Overview

This security-scanner skill appears local and purpose-aligned, but its risk labels and automatic quarantine behavior could cause unsafe or disruptive decisions.

Review before installing or enabling automation. Use this skill in scan-only mode if possible, do not allow automatic quarantine without explicit approval, and verify that the risk-label logic has been corrected before relying on its results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The risk-labeling logic is inverted: scores >= 7 are reported as LOW RISK while scores < 4 are reported as HIGH RISK. This can cause dangerous skills to be presented as safe and low-risk skills to be escalated, directly undermining the trustworthiness of the scanner's output and any downstream automation that relies on it.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The function performs a real file move into a quarantine directory yet describes this operation as 'Safe for agents to auto-trigger on HIGH RISK'. That messaging is dangerous because it encourages autonomous destructive action without human validation, increasing the chance of unintended file loss, workflow disruption, or abuse if an attacker can influence the supplied path or scanner output.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README explicitly advertises quarantine behavior that can move files/directories automatically, but it does not clearly warn users that invoking the command or API may alter the local filesystem. In an agent-facing tool, undocumented or under-documented destructive side effects increase the risk of unintended file movement, workflow disruption, or loss of access to installed skills.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The README encourages autonomous agents to auto-trigger quarantine based on detection thresholds without describing opt-in controls, confirmation requirements, or policy boundaries. In agentic environments, this can cause unintended autonomous filesystem changes, denial of access to legitimate skills, and abuse if a scanner is overly sensitive or manipulated to generate false positives.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding:
The skill advertises an automatic quarantine capability that can modify, move, or restrict access to local files, but the documentation does not clearly warn users about those side effects or require explicit confirmation. In an agent context, this increases the risk of unintended local file changes or disruption to installed skills, especially if the quarantine function is invoked autonomously.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The quarantine routine deletes any preexisting target directory and then moves the supplied path without warning or confirmation. In an agent-executed context, this is especially risky because a false positive, a malformed path, or attacker-influenced input could cause irreversible disruption to local files and denial of service for legitimate skills.

VirusTotal

66/66 vendors flagged this skill as clean.