Tech Debt Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent technical-debt analysis skill with intentionally vulnerable sample code used as scan input, not hidden runtime behavior.

Install only if you want a local technical-debt scanner. Treat assets/sample_codebase as intentionally unsafe demonstration code: do not run it with real credentials or deploy it. Review generated reports before sharing them, because scans of real repositories may record sensitive paths, code details, or detected secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (24)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements live application behavior including user lookup, dashboard rendering, authentication, token storage, and account-affecting network calls, which is unrelated to a tech-debt-tracking skill. That mismatch materially increases risk because users invoking a code-quality tool would not expect operational account actions or credential handling, creating a strong capability/intent red flag.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The login flow collects usernames and passwords, sends them to a remote API, stores returned tokens in localStorage, and reloads the page, none of which is justified by the declared technical-debt analysis purpose. In this skill context, hidden authentication capability is especially dangerous because it can capture credentials and establish persistent authenticated sessions under the guise of a harmless analysis tool.

Context-Inappropriate Capability

Critical
Confidence
100% confidence
Finding
This code issues an authenticated DELETE request to remove a user account based on UI interaction, despite the skill being described as a technical-debt tracker. An unjustified destructive capability inside an unrelated skill is highly dangerous because a user may trigger account deletion without understanding the scope, and any compromise of the page or event flow could abuse the bearer token to perform irreversible actions.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This file implements payment processing, refund, and transaction functionality despite the skill being described as a technical-debt tracker. That mismatch is dangerous because it introduces capability to process financial data and perform sensitive external actions that users and reviewers would not reasonably expect from this skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code performs live external financial transaction processing against Stripe, Square, and PayPal from within a skill whose stated purpose is technical-debt analysis. In this context, the behavior is highly dangerous because it can trigger real money movement and transmit payment metadata under the guise of an unrelated maintenance tool.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Customer-facing payment confirmation behavior is unrelated to technical-debt tracking and indicates the skill can interact with user communications about transactions. In the stated skill context, this expands the unexpected action surface and can mislead users into believing legitimate payment events occurred.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Refund and transaction-handling functions are outside the declared purpose of a tech-debt tracker and introduce sensitive financial-operation semantics. Even incomplete implementations are risky because they create interfaces that downstream agents or users may invoke, expecting real financial effects.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The refund method returns success while comments explicitly state that it does not actually process a refund. This is dangerous because callers may trust the success result, causing financial reconciliation errors, false assurances to users, or failure to perform required remediation after a refund request.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file implements a user account service rather than the declared tech-debt tracking capability, creating a strong skill/implementation mismatch. In an agent setting, this is dangerous because hidden or unrelated functionality can expand the attack surface, process unexpected sensitive data, and indicate that the skill may perform actions outside user expectations.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This skill contains unjustified user administration and authentication features, including credential handling, account updates, deletion, export, and import, none of which are needed for tech-debt analysis. Because the skill context does not justify handling identity data, the mismatch makes the code more dangerous: it introduces unnecessary access to PII and credentials and suggests possible covert functionality or data collection.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README encourages scanning entire codebases and writing results to JSON/text reports, but it does not warn users that scanners may process sensitive source content such as secrets, proprietary code, or regulated data and may propagate that data into output artifacts. In this skill context, repository-wide analysis is expected and legitimate, which lowers suspicion of malicious intent, but the omission can still lead to unintended data exposure through generated reports, CI artifacts, or shared dashboards.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A hardcoded API key in frontend JavaScript is exposed to every client and can be extracted trivially from source, browser dev tools, or bundled assets. Even if intended for demo use, embedding secrets in client code enables unauthorized API use, quota abuse, and possible lateral access depending on the key's scope.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The deletion request sends authenticated data for a destructive operation with only a generic confirm dialog and no meaningful explanation of consequences. In the context of a technical-debt skill, that lack of disclosure is more dangerous because users would not reasonably expect the tool to perform live account deletion at all.

Missing User Warnings

High
Confidence
98% confidence
Finding
The login flow transmits credentials to a remote API without clear disclosure and then stores the resulting auth token in localStorage, increasing exposure to theft via XSS or malicious browser context. Because this is packaged within a technical-debt skill, the undisclosed credential handling is especially suspicious and violates user expectations about what the tool should do.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits payment data to Stripe without any disclosure, consent, or indication that a tech-debt skill would send financial information externally. Because the skill context does not justify collecting or transmitting payment data, this unexpected exfiltration risk is more severe than it would be in a properly declared payment application.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Square request sends payment token and amount data to an external financial service from a skill that is supposed to analyze technical debt. This mismatch makes the behavior unexpectedly dangerous because users invoking a code-health tool would not anticipate financial-data transmission to third parties.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The PayPal integration sends financial transaction details to an external provider without any justification tied to the skill's stated purpose. In a technical-debt tracking context, this constitutes unexpected sensitive-data transfer and unauthorized operational capability.

External Transmission

Medium
Category
Data Exfiltration
Content
if payment_method["provider"] == "stripe":
    try:
        # Stripe API call - no retry logic
        response = requests.post(
            "https://api.stripe.com/v1/charges",
            headers={"Authorization": f"Bearer {self.stripe_key}"},
            data={
Confidence
90% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
elif payment_method["provider"] == "square":
    # Square processing - duplicate code structure
    try:
        response = requests.post(
            "https://connect.squareup.com/v2/payments",
            headers={"Authorization": f"Bearer {self.square_key}"},
            json={
Confidence
82% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
elif payment_method["type"] == "paypal":
    # PayPal processing - more duplicate code
    try:
        response = requests.post(
            "https://api.paypal.com/v2/checkout/orders",
            headers={"Authorization": f"Bearer {self.paypal_key}"},
            json={
Confidence
82% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
elif payment_method["provider"] == "square":
    # Square processing - duplicate code structure
    try:
        response = requests.post(
            "https://connect.squareup.com/v2/payments",
            headers={"Authorization": f"Bearer {self.square_key}"},
            json={
Confidence
82% confidence
Finding
requests.post( "https://connect.squareup.com/v2/payments", headers={"Authorization": f"Bearer {self.square_key}"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
elif payment_method["type"] == "paypal":
    # PayPal processing - more duplicate code
    try:
        response = requests.post(
            "https://api.paypal.com/v2/checkout/orders",
            headers={"Authorization": f"Bearer {self.paypal_key}"},
            json={
Confidence
82% confidence
Finding
requests.post( "https://api.paypal.com/v2/checkout/orders", headers={"Authorization": f"Bearer {self.paypal_key}"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
try:
    # Stripe API call - no retry logic
    response = requests.post(
        "https://api.stripe.com/v1/charges",
        headers={"Authorization": f"Bearer {self.stripe_key}"},
        data={
            "amount": int(final_amount * 100),  # Convert to cents
Confidence
84% confidence
Finding
https://api.stripe.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# PayPal processing - more duplicate code
try:
    response = requests.post(
        "https://api.paypal.com/v2/checkout/orders",
        headers={"Authorization": f"Bearer {self.paypal_key}"},
        json={
            "intent": "CAPTURE",
Confidence
84% confidence
Finding
https://api.paypal.com/

VirusTotal

45/45 vendors flagged this skill as clean.
