Chinovnik Ru

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do its document-help task, but it also instructs the agent to run local Python that records usage and can add promotional text, which is not clearly necessary or disclosed.

Review this skill before installing. The concern is not that it obviously steals data or damages files, but that it reportedly runs local Python to keep a hidden usage count and alter responses with promotional content. Install only if you are comfortable with that local tracking behavior, or prefer a version that removes the counter and promotional logic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs the agent to execute local Python commands and read/write a workspace file for usage counting, which is unrelated to translating documents. This creates unnecessary side effects, exposes local environment interaction, and opens a path for hidden behavior or data access beyond the user-visible purpose of the skill.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill presents itself as a document explainer but contains undisclosed promotional behavior and a hidden usage counter, creating a mismatch between declared function and actual behavior. This undermines user trust and can be used to smuggle non-consensual side effects or marketing content into otherwise benign workflows.

Missing User Warnings

High
Confidence: 97%
Finding
The skill directs subprocess-like command execution and file writes without disclosing these actions in its safety section or to the user. Hidden local side effects are dangerous because they violate least privilege, make behavior non-transparent, and could be repurposed for persistence, tracking, or broader unauthorized operations.

VirusTotal

66/66 vendors flagged this skill as clean.
