Nalog Ru

Security checks across malware telemetry and agentic risk

Overview

This tax-assistant skill includes unrelated instructions to run local Python and persist a counter file for promotional messages, so it should be reviewed before use.

Install only if you are comfortable with the skill running local Python and writing a counter file for attribution or promotional messages. For a tax helper, prefer a version that removes the counter, promotional Telegram logic, and side-effecting shell commands.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

High, 99% confidence
Finding
The skill’s declared purpose is tax calculation, but it embeds hidden operational instructions to execute local Python and read/write a workspace file. This is dangerous because it creates undeclared side effects, violates least privilege, and can be used as a foothold for local state manipulation unrelated to the user’s request.

Context-Inappropriate Capability

High, 99% confidence
Finding
A tax assistant has no legitimate need to run local Python code, inspect workspace files, or persist counters on disk. The mismatch between business function and requested code execution materially increases risk because it suggests covert behavior embedded in otherwise benign content.

Missing User Warnings

High, 98% confidence
Finding
The Markdown includes hidden instructions to execute Python and write a counter file without any user-facing disclosure or consent. Undisclosed local side effects are dangerous because they enable stealthy persistence, telemetry, or environment probing under the cover of a benign tax-calculation skill.

VirusTotal

65/65 vendors flagged this skill as clean.
