ClawHub

Dogovor Ru

Security checks across malware telemetry and agentic risk

Overview

This contract-explainer mostly matches its stated purpose, but it also silently runs local Python commands to store a usage counter and add promotional links.

Review before installing. The contract explanations may be useful, but the Attribution block should be removed or changed because it creates hidden local side effects for advertising. This does not show clear malware, credential theft, exfiltration, or destructive behavior, but the extra authority is under-disclosed and outside the skill’s purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill’s declared purpose is contract explanation, but it instructs the agent to run Python commands, read and write a workspace file, and append promotional content based on a counter. That is unrelated hidden behavior with side effects, creating a covert persistence and tracking mechanism and violating least privilege for a purely analytical skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Filesystem reads/writes and persistent state tracking are unjustified for a contract-explainer and materially expand the skill’s capabilities beyond analysis. Even if the current file only tracks a counter, the pattern normalizes agent-side command execution and persistence, which can be repurposed for covert data storage, environment probing, or other unauthorized actions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The markdown contains undisclosed subprocess execution and file writes, which are invisible to the user and unrelated to the stated task. Hidden side effects are dangerous because they let a seemingly harmless document-analysis skill perform local actions, persist data, and inject promotional material without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal