Sales Engineer

Security checks across malware telemetry and agentic risk

Overview

This sales-engineering skill is purpose-aligned and uses disclosed local analysis scripts, with normal caution needed for customer data and demo credentials.

Install only if you trust the publisher and will use it in an approved business workspace. Keep customer RFPs, competitive data, and generated POC outputs in controlled locations, and do not share real demo credentials except through temporary least-privilege accounts and secure secret-sharing or SSO processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs use of local files and sample data via Python scripts but does not declare any corresponding permissions or capability boundaries. This creates a mismatch between documented behavior and the security model, increasing the risk that an agent can read local files implicitly or that operators will enable broader access than intended.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The template explicitly instructs users to share demo environment access credentials but provides no guidance to use secure delivery methods, temporary accounts, or least-privilege access. In a pre-sales context, demo environments often contain customer-like data, integrations, or reusable admin accounts, so normalizing credential sharing can lead to credential leakage or unauthorized access.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- [ ] Document security and compliance requirements
- [ ] Assess competitive landscape for this opportunity

**Tools:** Run `rfp_response_analyzer.py` to score initial requirement alignment.

```bash
python scripts/rfp_response_analyzer.py assets/sample_rfp_data.json --format json > phase1_rfp_results.json
```
Confidence
75% confidence
Finding
Tools:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- [ ] Build competitive differentiation strategy
- [ ] Create solution architecture diagrams

**Tools:** Run `competitive_matrix_builder.py` using Phase 1 data to identify differentiators and vulnerabilities.

```bash
python scripts/competitive_matrix_builder.py competitive_data.json --format json > phase2_competitive.json
```
Confidence
75% confidence
Finding
Tools:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- [ ] Track progress against success criteria
- [ ] Generate evaluation scorecard

**Tools:** Run `poc_planner.py` to generate the complete POC plan.

```bash
python scripts/poc_planner.py poc_data.json --format json > phase4_poc_plan.json
```
Confidence
74% confidence
Finding
Tools:*

VirusTotal

51/51 vendors flagged this skill as clean.
