InspirAI Skill Audit

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an audit tool, but its documented workflows include modifying local agent/plugin configuration in ways that are not consistently disclosed.

Install only if you are comfortable with a skill that may change local agent or plugin configuration, not just report findings. Before using remediation or resolve steps, review commands carefully, back up plugin configuration, and prefer supported disable/uninstall commands over direct JSON edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The manifest presents the skill as an audit/analysis tool, but the documented behavior includes operational changes such as disabling commands and altering plugin state. This mismatch can mislead users into granting trust or invoking the skill expecting read-only analysis, when it can later drive configuration-changing actions.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The documentation states that scanning is completely read-only, but the scan flow writes an audit cache file to the user's home directory. Even though the write is limited, the inaccurate claim undermines user consent and can create trust and integrity issues around filesystem modifications.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The safety rules say plugin handling should avoid directly modifying installed_plugins.json, yet the resolve flow shows a jq command that edits that file anyway. Directly mutating plugin registry state can corrupt installation metadata, disable tools unexpectedly, or create hard-to-recover configuration damage if the file format or loader behavior differs from assumptions.

VirusTotal

64/64 vendors flagged this skill as clean.