Study Limitations Drafter

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local phylogenetic-tree visualization helper that reads user-selected inputs and writes generated output files, with no evidence of hidden network, credential, persistence, or destructive behavior.

Install only if you are comfortable running a local Python script on chosen data files. Keep input and output paths inside a working project folder, avoid sensitive datasets unless needed, and treat the documented path-safety checklist as guidance rather than a guaranteed sandbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill documentation indicates the packaged workflow writes output files, but the skill neither declares a file-write permission nor enforces any boundary on where writes may land. In an agent setting, an undeclared file-write capability can produce writes outside the intended workspace, overwrite local files, or drop artifacts in sensitive locations whenever downstream code trusts a user-supplied path without checking it.

Intent-Code Divergence

Severity: Low
Category: Intent-Code Divergence
Confidence: 88%
Finding: The skill asserts path-validation and workspace-restriction controls, yet the skill file shows no code that enforces them; it simply directs users to run a local Python script that reads inputs and writes outputs. Unverified security claims of this kind invite unsafe operator trust and leave the door open to path traversal or arbitrary file read/write if scripts/main.py accepts attacker-controlled paths.
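Both findings come down to the same missing control: a script that takes user-supplied input and output paths must confine them to the workspace before touching the filesystem. The block below is an added example, written for this page and not code from the skill, its author, or SkillSpector; it shows the check the skill claims but does not ship. `confine()` resolves a path (following symlinks and collapsing `..`) and rejects anything that escapes the workspace; `open_output()` then creates the output file with `O_EXCL` so an existing file is never clobbered and, where the platform has it, `O_NOFOLLOW` so a symlink in the final component is refused. `demo()` exercises both against a constructed temporary workspace containing a sample Newick file, a file outside the workspace, and a symlink pointing at it; all file names and contents are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path


class PathOutsideWorkspace(ValueError):
    """Raised when a user-supplied path would read or write outside the workspace."""


def confine(user_path, workspace):
    """Resolve user_path against workspace and reject anything that escapes it.

    Relative paths are joined to the workspace; absolute paths are accepted only
    if they already lie inside it. resolve() follows symlinks and collapses '..'
    before the containment check, so 'out/../../secret.txt' and a symlink that
    points outside the workspace are both refused.
    """
    ws = Path(workspace).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = ws / candidate
    resolved = candidate.resolve()
    try:
        resolved.relative_to(ws)
    except ValueError:
        raise PathOutsideWorkspace(
            f"{user_path!r} resolves to {resolved}, outside {ws}") from None
    return resolved


def open_output(user_path, workspace):
    """Create a new output file inside the workspace and return a text file object.

    O_EXCL refuses to overwrite an existing file and O_NOFOLLOW (on platforms
    that have it) refuses a symlink in the final path component, which narrows
    the window between confine()'s check and the actual open.
    """
    target = confine(user_path, workspace)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    return os.fdopen(fd, "w")


def demo():
    """Run confine()/open_output() against a constructed temporary workspace.

    Returns a dict of probe name -> bool so the outcome can be checked without
    relying on printed output. For the five path probes True means accepted.
    """
    root = Path(tempfile.mkdtemp(prefix="skill-root-"))
    ws = root / "project"                       # assumed workspace layout
    ws.mkdir()
    (ws / "data").mkdir()
    (ws / "data" / "tree.nwk").write_text("(A,B);")      # constructed sample input
    outside = root / "secret.txt"
    outside.write_text("not for the skill")              # constructed file outside ws
    os.symlink(outside, ws / "data" / "link_out")        # symlink escaping the workspace

    def accepted(p):
        try:
            confine(p, ws)
            return True
        except PathOutsideWorkspace:
            return False

    results = {
        "relative_inside": accepted("data/tree.nwk"),
        "absolute_inside": accepted(str(ws / "out" / "tree.svg")),
        "dotdot_escape": accepted("out/../../secret.txt"),
        "absolute_outside": accepted(str(outside)),
        "symlink_escape": accepted("data/link_out"),
    }
    with open_output("out.svg", ws) as fh:
        fh.write("<svg/>")
    results["output_written"] = (ws / "out.svg").read_text() == "<svg/>"
    try:
        open_output("out.svg", ws)               # second create must fail: O_EXCL
        results["no_clobber"] = False
    except FileExistsError:
        results["no_clobber"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

The resolve-then-compare check is what the skill's "path validation" claim should mean in practice; a plain string prefix test (`path.startswith(workspace)`) is not enough, because it passes `project_backup/...` for a workspace named `project` and never sees through symlinks. Even with this check, a path component can still be swapped for a symlink between the check and the open, which is why the final open uses `O_EXCL` and `O_NOFOLLOW` rather than trusting the earlier result alone.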

VirusTotal

66/66 vendors reported this skill as clean (0 detections).