ClawHub

Skill Usage

Security checks across malware telemetry and agentic risk

Overview

This skill locally counts Claude skill usage, but users should know it reads Claude history and project session logs to do so.

Install only if you are comfortable with the skill reading local Claude history and all project session JSONL files on that machine. Avoid using it on systems where Claude logs may contain secrets, client data, or proprietary prompts unless you have reviewed the script and accepted that local scan scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill uses Bash and explicitly instructs reading local files under ~/.claude/history.jsonl and ~/.claude/projects, but does not declare corresponding file-read permissions or present that access clearly as a permission boundary. This creates a transparency and least-privilege problem: users may invoke the skill without realizing it will inspect potentially sensitive local conversation history and installed skill metadata.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the skill scans Claude Code conversation history files, which can contain sensitive prompts, project names, paths, and other private metadata, but it does not clearly warn users about the privacy implications before installation or use. In this context, the skill’s core function depends on broad access to historical conversation data, so the lack of prominent disclosure and consent language creates a real privacy risk even if the feature is not overtly malicious.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
These lines direct analysis of conversation history files containing prior prompts, responses, and possibly secrets, but provide no privacy warning or consent step. Even if the goal is legitimate usage statistics, processing historical session data without explicit disclosure increases the risk of unexpected exposure of sensitive local data.

Missing User Warnings

Low
Confidence
87% confidence
Finding
Scanning installed skills and directly executing a local script are forms of local system access that should be clearly disclosed to the user. While this behavior appears aligned with the skill's purpose, the absence of a warning reduces informed consent and can normalize opaque filesystem access by skills.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal