ClawHub

Comparison Table Gen

Security checks across malware telemetry and agentic risk

Overview

This is a simple local comparison-table generator with only user-directed optional file output as the notable risk.

Install only if you want a local Python helper for generating comparison table skeletons. When using --output, choose a deliberate workspace filename and avoid pointing it at important existing files, because the script writes directly to that path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises file-writing behavior via the `--output` parameter and risk table, but no explicit permissions model is declared. This creates a governance gap where an agent may write or overwrite files without clear user-facing authorization boundaries, increasing the chance of unintended file modification.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description is generic enough that an orchestrating agent could invoke the skill in loosely related medical or research contexts without clear activation criteria. Over-broad routing can cause the tool to process inappropriate or sensitive inputs and trigger file creation in situations the user did not clearly intend.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation shows that the skill can save output to a user-supplied path, but it does not clearly warn that files may be created or overwritten. In agentic environments, missing overwrite and path-safety warnings can lead to accidental data loss or writing artifacts to unintended locations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal