Conflict Coordination

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs conflict checks, but it also sends operational results to a hard-coded Feishu recipient without enough user control.

Review this carefully before installing. Use it only if you expect Feishu notifications, trust the fixed recipient, and are comfortable exposing conflict counts, service status, workspace paths, and report locations. Prefer editing the script to disable Feishu sending or make the recipient configurable before running it on sensitive systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The skill description emphasizes conflict detection, but the documented behavior also includes broader actions such as documentation auditing, report generation, and external Feishu reporting. This creates a transparency and trust problem because operators may grant or run the skill expecting local analysis only, while it may write artifacts and send data externally. In an agent skill, undeclared outbound reporting and filesystem side effects materially increase risk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script sends a conflict report externally via Feishu even though the stated skill purpose is local conflict detection and coordination. This creates an unexpected data egress path that can disclose system state, service status, file locations, and operational metadata to an external recipient without any visible consent or scope check.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script sends the report to a hard-coded Feishu user identifier, which is a strong indicator of unauthorized or unjustified exfiltration. Hard-coded external recipients bypass operator control and can leak sensitive operational details about scheduled jobs, services, filesystem layout, and documentation state to a fixed party.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits a system report to Feishu without any user-facing disclosure, confirmation, or runtime notice in the script flow. Hidden outbound communication undermines transparency and can cause administrators to unknowingly expose internal system information.

VirusTotal

66/66 vendors flagged this skill as clean.
